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PIPELINES: SECURING THE VEINS OF THE 
AMERICAN ECONOMY 


Tuesday, April 19, 2016 

U.S. House of Representatives, 

Committee on Homeland Security, 
Subcommittee on Transportation Security, 

Washington, DC. 

The subcommittee met, pursuant to call, at 2:24 p.m., in Room 
311, Cannon House Office Building, Hon. John Katko [Chairman of 
the subcommittee] presiding. 

Present: Representatives Katko, Rogers, Carter, Ratcliffe, and 
Rice. 

Mr. Katko. The Committee on Homeland Security, Sub- 
committee on Transportation Security will come to order. The sub- 
committee is meeting today to examine how the Transportation Se- 
curity Administration works with pipeline stakeholders to secure 
this critical infrastructure. 

I now recognize myself for an opening statement. Over 2.6 mil- 
lion miles of pipeline run through the United States carrying oil 
and natural gas operated by approximately 3,000 companies. The 
integrity of this complex network of pipelines is critical not only to 
our economy, but in keeping our cars running and our stoves burn- 
ing. Following the creation of the Department of Homeland Secu- 
rity, responsibility for pipeline security shifted to the TSA, while 
the Department of Transportation retained responsibility for pipe- 
line safety. Although the terms safety and security are often used 
interchangeably, the root causes for concern behind each of these 
concepts are fundamentally different and warrant differing ap- 
proaches. 

While safety focuses on preventing and responding to accidents, 
security aims to thwart malicious actors with ill intentions from 
damaging or disrupting pipeline operations. The threat to pipeline 
security has been deemed relatively low by the intelligence commu- 
nity. This is largely due to security measures put in place by opera- 
tors and the extent to which a vast majority of the U.S. pipeline 
network is buried underground. However, we must remain diligent. 
Just because terrorists have not yet targeted pipelines for an at- 
tack does not mean they will not in the future. In addition to phys- 
ical attacks, we must also guard against cyber attacks. 

Our adversaries, including North Korea, China, Russia, and Iran 
have shown a proclivity for launching sophisticated cyber attacks 
against U.S. companies, banks, and critical infrastructure. In 
March the Justice Department indicted members of Iran’s Revolu- 
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tionary Guard for hacking the operational control system of a small 
dam in my home State of New York. 

While there is no evidence that hackers had been able to pene- 
trate the industrial systems of pipelines, there have been several 
high-profile incidents where the systems of global energy compa- 
nies have been compromised and sensitive information fell into the 
wrong hands. As hackers become more sophisticated, we cannot 
discount the possibility that they may one day seek to intrude on 
the industrial control systems, disrupting the flow of oil and nat- 
ural gas. Although TSA has the authority to regulate pipeline secu- 
rity, they have chosen instead to pursue a more collaborative ap- 
proach with the industry. That could serve as a model for other 
parts of the Government. However, I am concerned that TSA has 
not issued any updates to the pipeline security guidelines since 
2011. 

I look forward to learning more about how TSA and industry 
stakeholders work together to ensure the security of our Nation’s 
pipelines. Although I must say I am preliminarily encouraged that 
all sides seem to be happy with the current arrangement. 

I would like to thank everyone for being here today, and I look 
forward to hearing the testimony from our distinguished panel of 
witnesses. 

With that I now recognize my Ranking Member of the sub- 
committee, the gentlewoman from New York, Miss Rice, for any 
statements she may have. 

[The statement of Chairman Katko follows:] 

Statement of Chairman John Katko 
April 19, 2016 

Over 2.6 million miles of pipeline run through the United States carrying oil and 
natural gas operated by approximately 3,000 companies. The integrity of this com- 
plex network of pipelines is critical not only to our economy, but in keeping our cars 
running and our stoves burning. 

Following the creation of the Department of Homeland Security, responsibility for 
pipeline security shifted to the Transportation Security Administration while the 
Department of Transportation retained responsibility for pipeline safety. Although, 
the terms “safety” and “security” are often used interchangeably, the root causes for 
concern behind each of these concepts are fundamentally different and warrant dif- 
fering approaches. While safety focuses on preventing and responding to accidents, 
security aims to thwart malicious actors with ill intentions from damaging or dis- 
rupting pipeline operations. 

The threat to pipeline security has been deemed relatively low by the intelligence 
community. This is largely due to security measures put in place by operators and 
the extent to which a vast majority of the U.S. pipeline network is buried under- 
ground. However, we must remain diligent. Just because terrorists have not yet tar- 
geted pipelines for an attack does not mean they will not in the future. 

In addition to physical attacks, we must also guard against cyber attacks. Our ad- 
versaries, including North Korea, China, Russia, and Iran, have shown a proclivity 
for launching sophisticated cyber attacks against U.S. companies, banks, and critical 
infrastructure. 

In March, the Justice Department indicted members of Iran’s Revolutionary 
Guard Corps for hacking the operational control system of a small dam in my home 
State of New York. While there is no evidence that hackers have been able to pene- 
trate the industrial control systems of pipelines, there have been several high-profile 
incidents where the systems of global energy companies have been compromised and 
sensitive information fell into the wrong hands. As hackers become more sophisti- 
cated, we cannot discount the possibility that they may one day seek to intrude on 
the industrial control systems, disrupting the flow of oil and natural gas. 
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Although TSA has the authority to regulate pipeline security, they have chosen 
instead to pursue a more collaborative approach with the industry, that could serve 
as a model for other parts of the Government. 

However, I am concerned that TSA has not issued an update to the Pipeline Secu- 
rity Guidelines since 2011. I look forward to learning more about how TSA and in- 
dustry stakeholders work together to ensure the security of our Nation’s pipelines. 

I would like to thank everyone for being here today. I look forward to hearing the 
testimony from our distinguished panel of witnesses. 

Mr. Katko. With that I now recognize my Ranking Member of 
the subcommittee, the gentlewoman from New York, Miss Rice, for 
any statements she may have. 

Miss Rice. Thank you, Mr. Chairman. Thank you for convening 
this hearing. I would also like to thank the witnesses for coming 
to talk with us about the current state of pipeline security, as well 
as the major threats facing the industry, and the biggest 
vulnerabilities that need to be addressed. I understand that it has 
been several years since this committee last held a hearing on our 
Nations pipelines. So I think it is important that we are here today 
to examine how TSA implements and enforces policies regarding 
pipeline security, as well as the steps the industry takes on their 
own initiative. 

Last week we held a roundtable briefing with stakeholders in the 
oil and natural gas pipeline industry. I was impressed by the con- 
fidence they have in their relationship with TSA. They appreciate 
that TSA understands there is no one-size-fits-all approach to pipe- 
line security. I was pleased to hear that TSA and the pipeline in- 
dustry have that kind of constructive partnership with open and 
honest communication. Because there is no question that pipelines 
are a potential target. 

With more than 2.5 million miles of pipelines carrying gas, oil, 
and other hazard materials across the country, an attack against 
a pipeline could cause major commercial and environmental dam- 
age. So it is important that the policies and procedures we put in 
place, to secure pipelines, reflect the magnitude of that threat. I 
understand that rather than issuing regulations, TSA has imple- 
mented several initiatives like the Corporate Security Review, dur- 
ing which TSA visits the largest pipeline operators to examine 
their facilities and their security plans. I am interested to learn 
more about that process, how often TSA conducts theses reviews, 
and what resources they use to inspect pipeline operators. 

I would also like to know whether or not TSA receives input from 
DHS’s National Protection and Programs Directorate when dealing 
with pipeline security, both physical and cyber. During our round- 
table discussion last week, it was clear that when it comes to elimi- 
nating vulnerabilities, stakeholders are focused primarily on cyber- 
security. Pipeline operators use supervisory control and data acqui- 
sition systems to remotely control and observe pipelines. 

Cybersecurity is a top priority right now for many industries and 
Government agencies. So I hope to hear more from our witnesses 
about what pipeline operators are doing to better protect their 
cyber infrastructure, and how TSA is supporting those efforts, and 
helping to raise awareness about cyber vulnerabilities. I know that 
TSA holds regular conference calls with stakeholders so they can 
share information and keep open lines of communication. 
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I would like to hear from our witnesses about how that process 
works, and whether TSA is providing the actionable information 
they need to be prepared to identify and address vulnerabilities. 

Thankfully there have not been any successful attacks against 
our Nation’s pipeline systems. But there have been attempts, like 
in 2007 when 3 men were arrested for plotting to blow up fuel 
tanks and pipelines at JFK Airport in New York, which is just out- 
side my district. We must remain cognizant of the fact that terror- 
ists are always looking to exploit vulnerabilities, and our pipelines 
are a major target. So we have to always stay 2 steps ahead. 

Again, I want to thank all of our witnesses for being here to as- 
sist us in that effort. I thank Chairman Katko for convening this 
hearing. I look forward to a productive discussion today. I yield 
back the balance of my time. 

[The prepared statement of Ranking Member Rice follows:] 
Statement of Ranking Member Kathleen M. Rice 
April 19, 2016 

I understand that it’s been several years since this committee last held a hearing 
on our Nation’s pipelines, so I think it’s important that we’re here today to examine 
how TSA implements and enforces policies regarding pipeline security, as well as 
the steps the industry takes on their own initiative. 

Last week, we held a roundtable briefing with stakeholders in the oil and natural 
gas pipeline industry, and I was impressed by the confidence they have in their rela- 
tionship with TSA. They appreciate that TSA understands there’s no one-size-fits- 
all approach to pipeline security. 

I was pleased to hear that TSA and the pipeline industry have that kind of con- 
structive partnership with open and honest communication — because there’s no 
question that pipelines are a potential target. With more than 2.5 million miles of 
pipelines carrying gas, oil, and other hazardous materials across the country, an at- 
tack against a pipeline could cause major commercial and environmental damage. 
So it’s important that the policies and procedures we put in place to secure pipelines 
reflect the magnitude of that threat. 

I understand that rather than issuing regulations, TSA has implemented several 
initiatives like the Corporate Security Review — during which, TSA visits the largest 
pipeline operators to examine their facilities and security plans. I’m interested to 
learn more about that process — how often TSA conducts these reviews, and what 
resources they use to inspect pipeline operators. 

I’d also like to know whether or not TSA receives input from DHS’s National Pro- 
tection and Programs Directorate when dealing with pipeline security — both phys- 
ical and cyber. During our roundtable discussion last week, it was clear that when 
it comes to eliminating vulnerabilities, stakeholders are focused primarily on cyber- 
security. Pipeline operators use supervisory control and data acquisition systems to 
remotely control and observe pipelines. 

Cybersecurity is a top priority right now for many industries and Government 
agencies — so I hope to hear more from our witnesses about what pipeline operators 
are doing to better protect their cyber infrastructure, and how TSA is supporting 
those efforts and helping to raise awareness about cybervulnerabilities. 

I know that TSA holds regular conference calls with stakeholders so they can 
share information and keep open lines of communication. I’d like to hear from our 
witnesses about how that process works, and whether TSA is providing the action- 
able information they need to be prepared to identify and address vulnerabilities. 

Thankfully, there have not been any successful attacks against our Nation’s pipe- 
line systems, but there have been attempts — like in 2007, when 3 men were ar- 
rested for plotting to blow up fuel tanks and pipelines at JFK Airport in New York 
just outside my district. We must remain cognizant of the fact that terrorists are 
always looking to exploit vulnerabilities, and our pipelines are a major target — so 
we have to always stay 2 steps ahead. 

Mr. Katko. Thank you. Miss Rice. Other Members of the com- 
mittee are reminded that opening statements may be submitted for 
the record. 
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[The statement of Ranking Member Thompson follows:] 

Statement of Ranking Member Bennie G. Thompson 
April 19, 2016 

The Transportation Security Administration is well-known for its role in commer- 
cial aviation security. However, TSA’s responsibility includes oversight of various 
modes of transportation, including transportation of natural gasses, hazardous liq- 
uids, and toxic inhalation hazard pipelines across the United States. 

This hearing today is long overdue. The subcommittee has not had a public hear- 
ing on pipeline security since 2010. In the past, this committee has stated its inten- 
tion to explore pipeline security under our oversight functions, but time and again, 
the committee pivoted to other matters. 

Although there have been no successful attacks on U.S. pipelines, it is important 
that the United States remain vigilant. Pipelines are subject to both physical and 
cyber attacks. 

With nearly 3 million miles of pipelines traversing the Nation, it is important that 
the committee learns what the both the public and private sectors are doing to en- 
sure that bad actors who want to cause devastation to our Nation’s economy and 
critical infrastructure are not able to do so. 

I would like to thank the witnesses for appearing before us today and providing 
testimony on this subject. Ms. Proctor, I look forward to learning more about how 
TSA works with the private sector to address pipeline security vulnerabilities. 

Mr. Black, I look forward to understanding the perspective of the owners and op- 
erators of pipelines, and particularly hearing about your concerns with your re- 
sponse plan submissions and the potential impact of those who wish to do us harm 
gaining access to the sensitive information contained within these plans. 

Ms. Judge, I was pleased to read in your testimony that you believe TSA’s role 
in facilitating the public-private partnership to address pipeline security offers a 
healthy level of collaboration, support, and achievement. I look forward to your tes- 
timony. 

Finally, Mr. Parfomak, your expertise regarding the landscape of pipeline security 
and the historical context and possible implications is greatly appreciated, and we 
thank you for participating in the discussion today. 

Mr. Katko. We are pleased to have a distinguished panel of wit- 
nesses before us today on this important topic. 

The first witness, Ms. Sonya Proctor, currently serves as a sur- 
face division director in the Office of Security Policy and Industry 
Engagement at TSA. That must take a very big business card to 
fit that title on there. The Chair now recognizes Ms. Proctor to tes- 
tify. 

STATEMENT OF SONYA PROCTOR, SURFACE DIVISION DIREC- 
TOR, OFFICE OF SECURITY POLICY AND INDUSTRY ENGAGE- 
MENT, TRANSPORTATION SECURITY ADMINISTRATION, U.S. 

DEPARTMENT OF HOMELAND SECURITY 

Ms. Proctor. Thank you. Chairman Katko, Ranking Member 
Rice, and Members of the subcommittee thank you for the oppor- 
tunity to appear before you today to discuss the TSA’s role in se- 
curing our Nation’s pipelines. The pipeline network is critical to the 
U.S. economy. More than 2.5 million miles of pipelines transport 
natural gas, refined petroleum products, and other commercial 
products throughout the country. As evidenced by recent attacks in 
Brussels and elsewhere, the terrorist threat is increasingly complex 
and diffuse, with the potential for actors to become radicalized and 
carry out an attack with little warning. 

An attack against a pipeline system could result in loss of life 
and significant economic effects. To ensure we remain vigilant, TSA 
works closely with the pipeline industry which consists of approxi- 
mately 3,000 private companies who own and operate the Nation’s 
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pipelines. Pipeline system owners and operators maintain direct re- 
sponsibility for securing pipeline systems. 

TSA’s role is to support owners and operators by identifying 
threats, developing security programs to address those threats, and 
encouraging and assisting the implementation of those security 
programs. Along with the Department of Transportation, TSA co- 
chairs the Pipeline Government Coordinating Council to facilitate 
information sharing and coordinate on security assessments, train- 
ing, and exercises. TSA and DOT’s Pipeline and Hazardous Mate- 
rials Safety Administration, or PHMSA, work together to integrate 
pipeline safety and security priorities, as measures installed by 
pipeline owners and operators often benefit both safety and secu- 
rity. 

TSA engages pipeline industry stakeholders through the Pipeline 
Sector Coordinating Council, which provides a primary point of 
entry for industry representatives to discuss a range of pipeline 
issues with Government. To assist pipeline owners and operators 
in securing their systems, TSA has developed and distributed secu- 
rity training for industry employees and partners. Additionally, 
with the assistance of industry and Government partners, TSA de- 
veloped the TSA Pipeline Security Guidelines to provide a struc- 
ture for industry to voluntarily use in developing security plans 
and programs. 

Assessment results show that implementation of this guidance 
has enhanced critical infrastructure security throughout the coun- 
try. TSA works with industry partners to assess and mitigate 
vulnerabilities through exercises, assessments, and inspections. 
TSA facilitates intermodal security training and exercise program, 
or I-STEP, exercises to help pipeline operators test their security 
plans, prevention and preparedness capabilities, threat response, 
and cooperation with first responders. To identify shortfalls in pipe- 
line security and enhance industry practices, TSA conducts cor- 
porate and physical security reviews with pipeline operators. 

Pipeline owners and operators welcome these voluntary reviews, 
as they appreciate the value of secure systems. TSA has conducted 
over 140 corporate security reviews of operators’ security policies, 
plans, and programs since 2002, and over 400 physical security re- 
views of critical facilities since 2008. 

TSA supports Department of Homeland Security cybersecurity 
efforts in support of the National Institute of Standards and Tech- 
nology cybersecurity framework, and is coordinating a voluntary 
cyber assessment program, with the Federal Energy Regulatory 
Commission, to examine pipeline operators’ cybersecurity pro- 
grams. TSA works closely with the pipeline industry to identify and 
reduce cybersecurity vulnerabilities, including facilitating Classi- 
fied briefings to increase industry’s awareness of cyber threats. 

In conclusion, TSA works closely with industry and Government 
stakeholders to secure the Nation’s pipeline systems from terrorist 
attacks through the development and implementation of intel- 
ligence-driven, risk-based policies, and programs. 

Thank you for the subcommittee’s support of TSA’s goals. I look 
forward to your questions. 

[The prepared statement of Ms. Proctor follows:] 
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Prepared Statement of Sonya Proctor 
April 19, 2016 

Good afternoon Chairman Katko, Ranking Member Rice, and distinguished Mem- 
bers of the subcommittee. I appreciate the opportunity to appear before you today 
to discuss the Transportation Security Administration’s (TSA) role in securing our 
Nation’s pipeline systems. 

The pipeline network is critical to the economy and security of the United States. 
More than 2.5 million miles of pipelines transport natural gas, refined petroleum 
products, and other commercial products throughout the country. In addition to the 
pipelines themselves, the system includes critical facilities such as compressor and 
pumping stations, metering and regulator stations, breakout tanks, and the auto- 
mated systems used to monitor and control them. As evidenced by recent attacks 
in Brussels, Paris, and elsewhere, the terrorist threat has grown increasingly com- 
plex and diffuse, with the potential for terrorist actors to become radicalized and 
carry out an attack with little warning. An attack against a pipeline system could 
result in loss of life and have significant economic effects. 

To ensure we remain vigilant, TSA works closely with the pipeline industry, 
which consists of approximately 3,000 private companies who own and operate the 
Nation’s pipelines. Because they are usually unstaffed, securing pipeline facilities 
requires a collaborative approach across Government and industry. TSA has estab- 
lished effective working relationships to ensure strong communication and sharing 
of intelligence, training resources, best practices, and security guidelines. Pipeline 
system owners and operators maintain direct responsibility for securing pipeline 
systems. TSA’s role is to support owners and operators by identifying threats, devel- 
oping security programs to address those threats, and encouraging and assisting the 
implementation of those security programs. 

STAKEHOLDER ENGAGEMENT 

TSA has established a productive public-private partnership with Government 
partners and the pipeline industry to secure the transport of natural gas and haz- 
ardous liquids. On behalf of the Department of Homeland Security (DHS), TSA 
serves as a co-Sector-Specific Agency alongside the Department of Transportation 
(DOT) and the United States Coast Guard (USCG) for tbe transportation sector. As 
part of the DHS-led Critical Infrastructure Partnership Advisory Council frame- 
work, TSA and DOT co-chair the Pipeline Government Coordinating Council to fa- 
cilitate information sharing and coordinate on activities including security assess- 
ments, training, and exercises. TSA and DOT’s Pipeline and Hazardous Materials 
Safety Administration (PHMSA) work together to integrate pipeline safety and secu- 
rity priorities, as measures installed by pipeline owners and operators often benefit 
both safety and security. 

TSA engages pipeline industry stakeholders through the Pipeline Sector Coordi- 
nating Council (SCO, which provides a primary point of entry for industry rep- 
resentatives to discuss a range of pipeline security strategies, policies, activities, and 
issues with Government. To eliminate the need for multiple meetings with the same 
security partners, TSA worked closely with the Department of Energy to ensure the 
Pipeline SCC also functions as the Pipeline Working Group within the Energy Oil 
and Natural Gas Sector. 

Since the United States imports more petroleum from Canada than any other na- 
tion, much of it through pipelines, TSA works closely with our Canadian security 
counterparts to secure the U.S.-Canadian cross-border pipeline network. TSA and 
the Canadian National Energy Board coordinate closely on pipeline security matters 
to include exchanging information on assessment procedures, exercises, and security 
incidents. Since 2005, TSA and Natural Resources Canada have cosponsored the 
International Pipeline Security Eorum, an annual 2-day conference that enhances 
the security domain awareness of hazardous liquid and natural gas pipeline opera- 
tors and provides opportunities for discussion of major domestic and international 
pipeline security issues. Administrator Neffenger had the pleasure of attending last 
year’s Forum, and enjoyed the opportunity to engage with key industry leaders and 
learn more about their operations. The Forum presents a unique opportunity for 
TSA to directly engage with a large number of pipeline industry leaders from the 
United States and Canada, as well as key government and law enforcement part- 
ners. Approximately 160 attendees participate in the annual Forum, including pipe- 
line system owners and operators, pipeline trade associations, U.S. and Canadian 
government officials, and members of the security, intelligence, and law enforcement 
communities from the United States, Canada, and other countries. 
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SECURITY TRAINING AND GUIDELINES 

To assist pipeline owners and operators in securing their systems, TSA developed 
and distributed security training for industry employees and partners to increase 
domain awareness and ensure security expertise is widely shared. TSA’s pipeline se- 
curity training products include a security awareness training program highlighting 
signs of terrorism and each employee’s role in reporting suspicious activity, an im- 
provised explosive device awareness video for employees, and an introduction to 
pipeline security for law enforcement officers. 

Additionally, TSA developed the TSA Pipeline Security Guidelines to provide a se- 
curity structure for pipeline owners and operators to voluntarily use in developing 
their security plans and programs. The guidelines also serve as a standard for TSA’s 
pipeline security assessments. TSA developed the guidelines with the assistance of 
industry and Government members of the Pipeline Sector and Government Coordi- 
nating Councils, pipeline trade associations, cybersecurity specialists, and other in- 
terested parties. Wide-spread implementation of this guidance by the pipeline indus- 
try has enhanced critical infrastructure security throughout the country. TSA is cur- 
rently working with stakeholders to update these guidelines. The guidance has 
served as a template for entities establishing a corporate security program and has 
resulted in an increase in the quality of those programs reviewed by TSA. Since the 
publication of the guidelines, TSA has also seen an increase in the number of pipe- 
line operators conducting security drills and exercises, an increase in coordination 
with local law enforcement agencies, and an increase in the number of operators 
conducting security vulnerability assessments of their critical facilities, all of which 
are recommended in the guidelines. 

EXERCISES, ASSESSMENTS, AND INSPECTIONS 

TSA works with industry partners to assess and mitigate vulnerabilities, and im- 
prove security through collaborative efforts including exercises, assessments, and in- 
spections. With the support of Congress, TSA developed the Intermodal Security 
Training and Exercise Program (I-STEP). TSA facilitates I-STEP exercises across 
all surface modes, including pipelines, to help operators test their security plans, 
prevention and preparedness capabilities, threat response, and cooperation with 
first responders. TSA uses a risk-informed process to select the entities that receive 
I-STEP exercises and updates I-STEP scenarios as new threats emerge to ensure 
industry partners are prepared to exercise the most appropriate countermeasures. 

To identify shortfalls in pipeline security and develop programs and policies to en- 
hance industry security practices, TSA conducts both corporate and physical secu- 
rity reviews with pipeline operators. While these reviews are voluntary, they have 
been welcomed by pipeline owners and operators who appreciate the value resulting 
from securing their systems. 

Working with key executives and security personnel, TSA conducts the Corporate 
Security Review (CSR) program, which provides a company-wide assessment of op- 
erators’ security policies, plans, and programs. Upon completion of each CSR, TSA 
provides recommendations to the company to enhance its physical and cybersecurity 
policies and plans. TSA has conducted over 140 CSRs since 2002, including 6 CSRs 
in fiscal year 2015 and 4 to date in fiscal year 2016, with an additional 4 scheduled 
for completion by the end of the fiscal year. TSA has completed reviews of all 100 
highest-risk pipeline systems and is now conducting return visits to evaluate the im- 
plementation status of previous security recommendations. 

TSA conducts field-based physical security reviews to assess security measures in 
place at pipeline critical facilities. The Implementing Recommendations of the 9/11 
Commission Act of 2007 (Public Law 110-53) required TSA to develop and imple- 
ment a plan for inspecting the critical facilities of the top 100 pipeline systems in 
the Nation. TSA conducted these required inspections between 2008 and 2011 
through the Critical Facility Inspection program and is continuing the effort 
through TSA’s Critical Facility Security Review (CFSR) program. Since 2008, TSA 
has conducted over 400 physical security reviews of critical facilities, with 46 CFSRs 
completed in fiscal year 2015 and 21 completed to date in fiscal year 2016, with 16 
more expected to be completed by the end of this fiscal year. 

CYBERSECURITY 

In the pipeline mode, TSA supports DHS cybersecurity efforts in support of the 
National Institute of Standards and Technology Cybersecurity Framework. The cy- 
bersecurity framework is designed to provide a foundation that industry to better 
manage and reduce their cyber risk. TSA shares information and resources with its 
industry stakeholders to support their adoption of the framework. TSA also distrib- 
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uted a cybersecurity toolkit developed from DHS Critical Infrastructure Cyber Com- 
munity C3 Voluntary Program materials and designed to offer the pipeline industry 
an array of no-cost resources, recommendations, and security practices. Additionally, 
within the pipeline industry, TSA is coordinating a voluntary cyber-assessment pro- 
gram with the Federal Energy Regulatory Commission to examine pipeline opera- 
tors’ cybersecurity programs. TSA works closely with the pipeline industry to iden- 
tify and reduce cybersecurity vulnerabilities, including facilitating Classified brief- 
ings to increase industry’s awareness of cyber threats. 

CONCLUSION 

Through voluntary programs and extensive engagement and collaboration, TSA 
works closely with Government and industry stakeholders to secure the Nation’s 
pipeline systems from terrorist attacks. TSA shares information with pipeline own- 
ers and operators, develops and distributes training materials and security guide- 
lines, conducts security exercises, assessments, and inspections, resulting in an en- 
hanced security posture throughout the pipeline industry. TSA continues to aug- 
ment its efforts in the face of an evolving threat through the development and im- 
plementation of intelligence-driven, risk-based policies and programs. Thank you for 
the subcommittee’s support of TSA’s goals and the opportunity to discuss these im- 
portant issues. 

Mr. Katko. Thank you, Ms. Proctor. I will note that oftentimes 
we are here to deal with problems related to TSA. But it appears 
that this program is worlang remarkably well, and it is reflective 
of your efforts so we appreciate that. 

Now the next witness is Mr. Andrew Black who currently serves 
as president and CEO of the Association of Oil Pipe Lines. Prior 
to joining AOPL, Mr. Black served as a director of Federal Govern- 
ment relations at El Paso Energy, where I served long ago as a 
Federal prosecutor in El Paso back in the 1990s, and deputy staff 
director for the House Committee on Energy and Commerce. The 
Chair now recognizes Mr. Black to testify. 

STATEMENT OF ANDREW J. BLACK, PRESIDENT AND CEO, 
ASSOCIATION OF OIL PIPE LINES 

Mr. Black. Chairman and Ranking Member, thanks for the invi- 
tation. Thanks for your great opening statements, which I thought 
you captured very well, the program and its benefits. 

AOPL represents the owners and operators of the pipelines that 
bring to American workers and consumers crude oil, refined prod- 
ucts like gasoline, diesel fuel, and jet fuel, and natural gas liquids 
such as propane and ethane. I am also testifying today on behalf 
of the American Petroleum Institute which represents the broader 
oil and gas industry, including pipelines. The security of our pipe- 
line systems is a top priority for pipeline operators. We share TSA’s 
goal of pipeline security, and work hard to secure our facilities and 
networks. Our members appreciate the constructive approach the 
TSA Pipeline Security Division takes. 

Pipeline operators carefully review TSA’s pipeline security guide- 
lines and pipeline security smart practice observations when de- 
signing and maintaining security plans. Operators host TSA for 
corporate security reviews and pipeline security inspections, which 
our members tell us are challenging and pragmatic. Follow-up dis- 
cussions often result in specific improvements to the operator’s se- 
curity program. We do not today ask for any legislative changes re- 
garding TSA’s pipeline security programs. 

We participate in the Oil and Natural Gas Sector Coordinating 
Council and the Pipeline Sector Coordinating Council which pro- 
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vide opportunities for Classified and Unclassified discussions of 
pipeline security threats. Operators participate in TSA pipeline se- 
curity stakeholder calls to develop industry-wide awareness of 
issues seen by TSA and by pipeline operators. 

To defend their systems against cyber attacks, pipeline operators 
follow API standard 1164 for pipeline data security. The standard 
requires operators to maintain systems for controlling pipeline op- 
erations separate and apart from business systems with internet 
access and helps operators protect systems in a rapidly changing 
and increasingly complex cyber environment. The broader oil and 
natural gas industry has also created several information sharing 
forms, including the oil and natural gas information sharing and 
analysis center or ONG-ISAC to share threat indicators, alerts, 
and information to identify emerging cyber threats. API has devel- 
oped several other standards and programs to promote a culture of 
security, both physical and cyber, listed in my written testimony. 

I want to bring to the subcommittee’s attention a pending policy 
issue of significant security implications. Pipeline operators pre- 
pare and submit to the U.S. DOT PHMSA, our safety regulator, oil 
spill response plans. These response plans contain sensitive secu- 
rity information such as worst-case spill scenarios, first responder 
operational information, and pipeline control system locations and 
information. As Members of this subcommittee can appreciate, this 
information would provide a blueprint for a terrorist attack on 
pipeline infrastructure. 

In 2012, Congress authorized PHMSA specifically to redact this 
sensitive security information when making response plans public 
in response to FOIA requests. However, a provision in the recent 
Pipeline Safety Reauthorization bill passed by the Senate could 
allow the public to gain access to pipeline security information that 
terrorists could use to plan an attack. 

An amendment adopted in committee would require PHMSA to 
provide to Congress upon request unredacted copies of oil pipeline 
response plans. We support Congress exercising its role over 
PHMSA, its oversight role, and do not object to Congressional com- 
mittees receiving these plans. Unfortunately, however, as 2276 
does not provide clear or specific protections against public disclo- 
sure of security sensitive response plan information obtained by 
Congress. 

PHMSA has explained this information, “if disclosed would be of 
significant operational utility to a person seeking to harm the pipe- 
line infrastructure of the U.S.” Like PHMSA, we believe this infor- 
mation must be protected from public disclosure because of the se- 
curity risks. We are ready to discuss this with this and other com- 
mittees as pipeline safety legislation moves forward. 

Finally, there is a growing pipeline security issue that operators 
are watching closely. Opponents to pipeline projects in Canada are 
breaking into pipeline facilities, tampering with valves, and locking 
themselves to equipment as part of theirs protests. There were 4 
recent incidents on 1 pipeline, and a fifth on another. These actions 
could harm an operator’s ability to respond to an incident. Could 
even unintentionally result in a pipeline release impacting the pub- 
lic and the environment. Information from unredacted response 
plans may have helped some Canadian protestors in choosing 
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where and how to obstruct a pipeline’s activities. Information cir- 
culated for, or by pipeline opponents, can easily reach terrorist or- 
ganizations who might intentionally use this information to harm 
the public. 

I encourage Congress to keep these new threats in mind when 
reviewing unredacted response plans and determining how the im- 
portant information within them should be withheld from public 
disclosure. 

I thank the subcommittee for considering these issues and be 
happy to respond to any questions. 

[The prepared statement of Mr. Black follows:] 

Prepared Statement of Andrew J. Black 
April 19, 2016 

Thank you for holding this hearing and for inviting me to testify. 

I am Andy Black, president and CEO of the Association of Oil Pipe Lines (AOPL). 
AOPL represents the owners and operators of pipelines that transport crude oil, re- 
fined products like gasoline, diesel fuel, and jet fuel, and natural gas liquids like 
propane and ethane, to American workers and consumers. 

I am also testifying today on behalf of the American Petroleum Institute (API). 
API represents all facets of the oil and natural gas industry, with more than 650 
members including large integrated companies, as well as exploration and produc- 
tion, refining, marketing, pipeline, and marine businesses, and service and supply 
firms. 


pipeline security and tsa 

The oil and natural gas industry is committed to achieving zero incidents through- 
out our operations. Pipeline operators take considerable steps to ensure the safety 
and security of our personnel, assets, and operations. The security of our pipeline 
systems is a top priority for pipeline operators. Liquid pipeline operators share 
TSA’s goal of pipeline security, and work hard to secure our facilities and networks. 
Pipeline operators implement many measures and programs in pursuit of our goal 
of zero incidents. Operators assess threats to pipelines, including security threats, 
take steps to address them, and share pipeline security best practices industry-wide. 

AOPL and API members appreciate the constructive approach the TSA Pipeline 
Security Division takes with its pipeline security program. Pipeline operators care- 
fully review TSA’s Pipeline Security Guidelines and Pipeline Security Smart Practice 
Observations when designing and maintaining security plans. Pipeline operators 
host TSA for pipeline security inspections and Corporate Security Reviews, which 
our members tell us are challenging, reasonable, and pragmatic. Follow-up discus- 
sions often result in specific improvements to the operator’s security program. We 
do not ask for any changes in legislation or regulations regarding TSA’s programs 
and activities in pipeline security. 

Because of the pipeline industry’s designation by the Department of Homeland Se- 
curity (DHS) as a critical infrastructure subsector, we have many opportunities to 
participate in Government programs focusing on promoting security and identif 3 dng 
threats. We participate in the DHS Oil and Natural Gas Sector Coordinating Coun- 
cil established under Presidential Policy Directive 21 on critical infrastructure secu- 
rity and resilience. These activities provide important opportunities for both Classi- 
fied and Unclassified discussions of pipeline security threats. In addition, pipeline 
operators participate in the DHS Regional Resiliency Assessment Program, and reg- 
ularly participate in TSA pipeline security stakeholder calls to develop industry- 
wide awareness of issues seen by TSA and by operators. We also participate in the 
FBI’s Infragard process, a Government-industry partnership dedicated to sharing in- 
formation and intelligence to prevent hostile acts against the United States. 

While participation in these efforts is critical to the development of situational 
awareness, it should be noted that DHS’s risk analysis of all critical infrastructure 
did not designate any oil or natural gas infrastructure into its highest tier of risk. 
This is due to our industry’s diverse geography, redundant systems, and the resil- 
ience of the sector when responding to events. 
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CYBERSECURITY AND API STANDARD 1164 

Pipeline operators follow API Standard 1164, Pipeline SCADA Security, which 
helps pipeline operators defend their systems from cyber attacks. The standard re- 
quires operators to maintain systems for controlling pipeline operations separate 
and apart from business systems with internet access. It was developed with a 
broad group of stakeholders from the public and private sectors, and helps operators 
protect systems in a rapidly changing and increasingly complex cyber environment. 

The broader oil and gas industry, including pipeline owners and operators, have 
also created several information sharing forums, including the Oil and Natural Gas 
Information Sharing and Analysis Center (ONG ISAC), to share threat indicators, 
alerts and information to identify emerging cyber threats. Pipeline operators also 
participate in the NIST Cybersecurity Framework Roadmap process. These efforts, 
combined with the intelligence and information operators receive from Government 
sources, help operators better understand their risk and prevent incidents. 

OTHER INDUSTRY PIPELINE SECURITY PROGRAMS 

API has also developed several other standards and programs to promote a cul- 
ture of security, both physical and cyber. API RP 780, Security Risk Assessment, de- 
fines the recommended approach for assessing security risk widely applicable to the 
types of facilities operated by the industry and the security issues the industry 
faces. API RP 781, Facility Security Plan Methodology for the Oil and Natural Gas 
Industries, will build on RP 780 and provides the process to factor risk assessment 
into the physical and cybersecurity measures used to secure operations. This rec- 
ommended practice should be published later this year. In addition, API has pub- 
lished Utilizing Intelligence to Secure People [http: II www.api.org II media ! files ! 
policy I safety I api-guidance-utilizing-intelligence-in-ong.pdf?la=en], a guidance docu- 
ment describing some of the resources that are available to the industry to help at- 
tain situational awareness in different operating environments. 

API created the Oil and Natural Gas Industry Preparedness Handbook [http:! ! 
www.api. org / news-policy-and-issues / safety-and-sy stem-integrity / oil-gas-industry - 
preparedness-handbook] with support from members and associations throughout 
the industry, to illustrate how local responses can be aided by established relation- 
ships with governments and communities, local, State, and regional associations, 
and how corporate and Federal capabilities can facilitate efficient response and re- 
covery at the local level. The Handbook provides a common-sense approach for oil 
and gas owners and operators, local and State industry associations, and public-sec- 
tor partners to build the necessary capabilities to effectively manage the information 
flow that so often becomes congested during disruptive events. 

OIL SPILL RESPONSE PLANS 

I want to bring to the subcommittee’s attention a pending pipeline policy issue 
with significant security implications. Pipeline operators prepare and submit to U.S. 
DOT PHMSA, our safety regulator, oil spill response plans. These response plans 
detail facilities and plans for first responder and operator response to pipeline emer- 
gencies. They contain sensitive security information, such as worst-case spill sce- 
narios, first responder operational information, pipeline control system locations and 
information, and descriptions of high-consequence areas. As Members of this sub- 
committee can appreciate, this information would provide a blueprint for a terrorist 
attack on pipeline infrastructure. 

In 2012, Congress authorized PHMSA specifically to redact this sensitive security 
information when making oil spill response plans public in response to Freedom of 
Information Act requests. However, a provision in the recent pipeline safety pro- 
gram reauthorization bill, S. 2276, passed by the Senate earlier this year, could 
allow the public to gain access to pipeline security information terrorists could use 
to plan an attack. 

The specific Senate provision, adopted in committee as an amendment by Senator 
Markey, would require PHMSA to provide to Congress, upon request, unredacted 
copies of oil pipeline response plans. AOPL and API support Congress exercising its 
oversight role over PHMSA and the oil spill response program, and do not object 
to Congressional committee leaders receiving these plans. Unfortunately, however, 
S. 2276 does not provide clear or specific protections against public disclosure of se- 
curity-sensitive oil spill response plan information obtained by Congress. 

PHMSA legal guidance deems the information at issue here, “if disclosed, would 
be of significant operational utility to a person seeking to harm the pipeline infra- 
structure of the U.S.” Like PHMSA, we believe this information must be protected 
from public disclosure because of these security risks. We are ready to discuss this 
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with you and with Members of this committee, the Transportation and Infrastruc- 
ture Committee, and the Energy and Commerce Committee, as pipeline safety reau- 
thorization legislation moves through the House and conference in coming months. 

NEW THREATS AND ACTIONS AGAINST PIPELINES 

Finally, there is a growing pipeline security issue operators are watching closely. 
Opponents to pipeline projects in Canada are breaking into pipeline facilities, tam- 
pering with valves, and locking themselves to equipment as part of their protests. 
There were 4 incidents ^ between November and January on 1 pipeline and a fifth 
incident^ on another in January. These actions could harm a pipeline operator’s 
ability to respond to an incident and could even unintentionally result in a pipeline 
release impacting the public or environment. 

I understand information from unredacted oil spill response plans has helped 
some Canadian protestors in choosing where and how to obstruct a pipeline’s activi- 
ties. Information circulated for, or by, pipeline opponents can easily reach terrorist 
organizations who might intentionally use this information to harm the public. I en- 
courage Congress to keep these new threats in mind when reviewing unredacted re- 
sponse plans and determining how the important information within them should 
be withheld from public disclosure. 

I thank the subcommittee for considering these issues, and would be happy to re- 
spond to any questions. 

Mr. Katko. Thank you, Mr. Black. 

Our third witness is Ms. Kathleen Judge, who currently serves 
as a director of risk and compliance for global security at National 
Grid, which I am proud to say operates in my hometown of Syra- 
cuse and throughout up-State New York. Ms. Judge also serves as 
the chair of the Oil and Natural Gas Sector Coordinating Council. 
The Chair now recognizes Ms. Judge to testify. 

STATEMENT OF KATHLEEN S. JUDGE, DIRECTOR OF RISK AND 

COMPLIANCE FOR GLOBAL SECURITY, NATIONAL GRID, TES- 
TIFYING ON BEHALF OF THE AMERICAN GAS ASSOCIATION 

Ms. Judge. Chairman Katko, Ranking Member Rice, Members of 
the committee, thank you the opportunity to provide testimony on 
pipeline security, and your commitment to the security of our Na- 
tion’s critical infrastructure. 

As the Chairman stated, I am Kathy Judge. I work for National 
Grid, which is a gas and electric company based in the United 
Kingdom and Northeastern United States that serves nearly 7 mil- 
lion customers in New York, Massachusetts, and Rhode Island. Na- 
tional Grid is the largest distributor of natural gas in the North- 
east. We are proud to be the energy provider to the Chair, Ranking 
Member, and Representative Keatings district. 

My background includes 27 years in the utility industry. Rel- 
evant to this hearing, I have helped lead the American Gas Asso- 
ciation Security Committee. I also am current chair of the Oil and 
Natural Gas Sector Coordinating Council and Pipeline Sector Co- 
ordinating Council. 

Today I am testifying on behalf of the American Gas Association 
which represents more than 200 local gas utilities that operate 2 V 2 
million miles of distribution pipelines that deliver gas to 71 million 
consumers. Providing safe natural gas delivery is the top priority 


^“Pipeline industry concerned about tampering and vandalism”, CBC News, March 9, 2016, 
http:! I www.ebc.ca / news / business / cepa-chris-bloomer-pipelines-tampering-enbridge-vandalism- 
target-1. 348085 7. 

2 “Pipeline sabotage: Someone tampered with valve on Enbridge fuel pipeline near Cam- 
bridge”, Hamilton Spectator, January 5, 2016, http:! ! www.thespec.coml news-story 162197 19- 
pipeline-sabotage-someone-tampered-with-valve-on-enbridge-fuel-pipeline-near-cambridgel . 
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for natural gas utilities. This said, here are some important facts 
about pipeline security. 

One, natural gas utilities have a proven history of weathering 
natural disasters, accidental third-party damage, and intentional 
assaults. Ironically, the leading risk to pipelines is third-party ex- 
cavation damage. Pipeline systems are resilient with multiple re- 
dundant safety and reliability mechanisms in place. Pipelines must 
comply with DOT pipeline safety regulations that also provide 
some security coverage. 

TSA threat assessments have indicated that the threat against 
U.S. natural gas pipelines is low. Nevertheless, because of the im- 
pact a successful physical or cyber attack could have on millions of 
customers, pipeline security remains a top industry priority. 

Gas utilities employ numerous strategies to ensure pipeline secu- 
rity, including but not limited to, site-specific security and crisis 
management plans, to ensure operations are reinforced with work- 
place and system redundancies, embedding security requirements 
into pipeline design and construction, weaving security require- 
ments into corporate governance, participating with information 
sharing and analysis centers to improve on situational awareness, 
coordinating with Federal, State, and local first responders to en- 
sure effective incident prevention and response, and partnering 
with Federal security partners at TSA, DOE, and the FBI to better 
understand the potential threats. 

Pivotal to pipeline security is the partnership industry has, with 
TSA’s pipeline section of the Office of Security Policy and Industry 
Engagement. The TSA pipeline section recognized early on that col- 
laboration was key because pipeline security professionals in TSA 
share the same objective, to protect critical infrastructure. Four- 
teen years later, this approach serves as a model for the public/pri- 
vate partnership. To sustain that partnership, TSA offers numer- 
ous programs to aid pipeline operators. Those primary tools are the 
TSA pipeline security guidelines which are a flexible set of security 
smart practices that were developed collaboratively by the Federal 
Government and pipeline security professionals. On-site security 
reviews which offer TSA the opportunity to engage in constructive 
nonregulatory discussions with pipeline operators, and they also 
offer security awareness and training materials. These programs 
promote security in mutually beneficial relationships between TSA 
and the operator cannot be undervalued. Please note that the TSA 
pipeline security program must be protected. 

I would like to share 2 examples of past actions taken with the 
best of intentions that proved detrimental. In 2014 TSA announced 
the significant organizational realignment that dismantled the ef- 
fective programs and processes that were in place and that we ben- 
efitted from as operators. During this realignment, it was the in- 
tent of DHS to have generalists. In other words, GSA reps who 
worked across all transportation modes. This proved ineffective as 
visits focused more on educating the generalists about pipelines 
and pipeline security than on the bilateral value gained from the 
prior visits with specialists. After input from pipeline operators and 
a decline in the industry engagement, TSA reversed the realign- 
ment and went back to the way it was. 



15 


DOT and TSA security partnership needs greater collaboration. 
DOT recently proposed changes to its National pipeline mapping 
system that would require operators to provide on-line, in a single 
database, detailed pipeline operations’ location information. It is 
my belief that TSA would have opposed this had they been collabo- 
rated with on this subject. 

Natural gas utilities value the effective security partnership. 
Compliance does not equal security. The formula for measurable ef- 
fectiveness of TSA’s pipeline program is a result of practical guide- 
lines, information exchange, and trusted private-sector engage- 
ments. We also urge the committee to continue to support the TSA 
pipeline security program and encourage interagency collaboration 
with PHMSA where pipeline security and pipeline safety overlap. 

Thank you. I look forward to your questions. 

[The prepared statement of Ms. Judge follows:] 

Prepared Statement of Kathleen S. Judge 
April 19, 2016 

My name is Kathleen S. Judge and I am the director, risk & compliance, cor- 
porate security for National Grid. National Grid is an international electricity and 
gas company based in the United Kingdom and northeastern United States that 
connects nearly 7 million customers to vital energy sources through its networks in 
New York, Massachusetts, and Rhode Island. It is the largest distributor of natural 
gas in the Northeast. National Grid also operates the systems that deliver gas and 
electricity across Great Britain. 

I have over 27 years of experience in the utility industry, and since 2007, I have 
been in physical security. I have been actively involved with the industry trade asso- 
ciation security committees during my time in security, including serving on the 
American Gas Association Security Committee leadership team since 2011. I cur- 
rently chair the Oil & Natural Gas Sector Coordinating Council (ONG SCO and 
Pipeline Working Group, which also serves as the Pipeline Sector Coordinating 
Council. I am also actively involved in the Edison Electric Institute (EEI) Security 
Committee and serve on the Executive Steering Committee for the Long Island 
Sound Area Maritime Security Committee. In 2014 and 2015, I was an active mem- 
ber on the NERC CIP 14 — Physical Security Standards Drafting Team. 

I am testifying today on behalf of the American Gas Association (AGA). AGA, 
founded in 1918, represents more than 200 local energy companies that deliver 
clean natural gas throughout the United States. There are more than 72 million res- 
idential, commercial, and industrial natural gas customers in the United States, of 
which 95 percent — nearly 69 million customers — receive their gas from AGA mem- 
bers. Natural gas pipelines, which transport approximately one-fourth of the energy 
consumed in the United States, are an essential part of the Nation’s infrastructure. 
Indeed, natural gas is delivered to customers through a safe, 2.5 million-mile under- 
ground pipeline system. This includes 2.2 million miles of local utility distribution 
pipelines and 300,000 miles of transmission pipelines that stretch across the coun- 
try, providing service to more than 177 million Americans. 

NATURAL gas UTILITIES 


'Who 'We Are 

Providing safe, reliable, and cost-effective delivery of natural gas is the top pri- 
ority of natural gas utilities across America. Given our strong service record, envi- 
able safety statistics, and inherently resilient makeup due to the subsurface loca- 
tions of the majority of our assets, natural gas utilities work vigilantly to maintain 
both the cybersecurity and physical security of the infrastructure. The natural gas 
system is a complex, interconnected, and well-protected network of pipelines and as- 
sociated facilities, including but not limited to, compressor stations, pressure regu- 
lators, pressure relief valves, and underground natural gas storage. Natural gas op- 
erations have a proven history of weathering natural events, accidental third-party 
damage, and intentional malicious assaults. Crisis management and site-specific se- 
curity plans ensure operations are reinforced with well-trained workforce and sys- 
tem redundancies. Natural gas security professionals layer security measures within 
a framework of risk management. Further, natural gas owner/operators partner 
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with Federal, State, and local government and law enforcement agencies to ensure 
effective and efficient response to events impacting natural gas operations. 

The Transportation Security Administration (TSA) annual threat assessments 
have indicated that the threat against U.S. natural gas pipelines is low, and there 
is no current credible threat information regarding attacks on U.S. distribution 
pipelines. Further, the U.S. Department of Transportation (DOT) Bureau of Trans- 
portation Statistics continue to show pipelines as the safest form of transportation 
with very low incident rates, and the DOT Pipeline and Hazardous Materials Safety 
Administration (PHMSA), which regulates pipelines under its Office of Pipeline 
Safety (OPS), states that pipelines are one of the safest and most cost-effective 
means to transport the extraordinary volumes of natural gas. As such, pipeline safe- 
ty and physical infrastructure security remain AGA’s top priority. 

Pipeline Risks 

The primary objective for gas utilities is the safe and reliable delivery of natural 
gas to the consumer. As a result, natural gas utilities evaluate their security risks 
with public safety and natural gas interdependencies in mind. Pipeline security 
risks may be categorized as physical security risks or cybersecurity risks. In gen- 
eral, the leading security risks to natural gas utilities include, gas theft; access con- 
trol; supply chain integrity; customer information theft; insider threat; facility and 
employee protection; and breach of Supervisory Control And Data Acquisition sys- 
tems (SCADA), control systems, or communication systems. In addition, the poten- 
tial for loss of telecommunications capability motivates the natural gas industry to 
maintain a basic level of manual operations, which adds a layer of security not af- 
forded sectors that are fully automated. 

Ironically, the leading risk to natural gas utility pipelines continues to be third- 
party excavation damage. Excavation damage causes more casualties and service 
interruptions than any combination of security incidents. 

While specifics may vary across companies, natural gas security professionals 
layer security measures in a handful of operational phases, i.e., planning, prepara- 
tion, protection, incident response, and recovery that are framed by the overarching 
goal of risk management. The following provides more details about the activities 
associated with these phases. 

• Planning. — Natural gas owner/operators develop written programs that include 
methods for vulnerability and risk assessment, protection of sensitive informa- 
tion, threat responses, cooperation with public safety personnel, and physical se- 
curity and cybersecurity practices. 

• Preparation Activities. — Natural gas owner/operators practice and prepare for 
extraordinary scenarios through participation in their own drills as well as 
those coordinated by industry, regional associations, and Government agencies. 
Table-top exercises enhance preparedness efforts and incident classification, 
while testing and engaging operators in restoration and recovery discussions. 
Finally, the industry participates in the TSA I-STEPi full-scale training and 
exercises designed to provide a forum for personnel to practice specific plans 
and procedures in response to security issues impacting their companies. 

• Protection Strategies. — Natural gas owner/operators make significant invest- 
ments to protect their most critical assets. These investments focus on improv- 
ing protection, detection, and perimeter security at the most critical locations. 
Examples of enhanced physical and personnel security measures include: 

• physical security measures such as, but not limited to and as appropriate, 
barriers and buffer zones, access controls, gates, locks and key controls, facil- 
ity lighting, vehicle searches (static guards), surveillance cameras, intrusion 
detection, and monitoring. 

• personnel security measures such as, but not limited to and as appropriate, 
biometric identification and badging, background investigation, training, exer- 
cises, and drills. 

• Incident Response and Recovery. — Gas utilities have long maintained and been 
acknowledged for their consistent commitment to the safety of the natural gas 
infrastructure, workers, and processes. The commitment to operational resil- 
iency is equally substantial. Redundancies along the delivery system provide op- 
erators the flexibility to reduce pressure and redirect, shut down, or restore gas 
flow. Facilities for alternative fuels and natural gas storage provide additional 
options to supplement gas supply to minimize service disruption. Companies 


1 1-STEP: The Intermodal Security Training & Exercise Program is a “risk-based, intelligence- 
driven exercise, training, and security planning solution in collaboration with other security 
partners to reduce risks to critical transportation infrastructure, and build and sustain security 
preparedness.” 
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also have critical back-up and replacement equipment and parts stored at key 
points along a system. Rapid response teams can be quickly deployed to get the 
system up and running in order to reduce down time. Overall, the industry ap- 
proaches preparedness and response from the local level, acknowledging that 
events impact workers, businesses, and communities first and foremost. While 
resources and information are often held at the regional or National levels, it 
is the local facility operators who have the best ability to assess their systems, 
identify needs, and execute the work needed to restore services. 

Title 49 of the Code of Federal Regulations governs the response aspect of secu- 
rity planning. Pipeline companies have years of experience responding to emer- 
gency incidents and are required by DOT to have effective emergency plans in 
place. Operators are also required to report significant incidents — those result- 
ing in serious injury, loss of life, or property damage greater than $50,000 — to 
the DOT National Response Center (NRC). A mechanical failure or uninten- 
tional act resulting in significant damage to a pipeline will be reported to DOT 
through the NRC. An intentional act of damage, or act of a suspicious nature 
involving a pipeline, will be reported to TSA through the Transportation Secu- 
rity Operating Center (TSOC). 

Responding to a pipeline failure caused by an intentional act varies little from 
the response to a mechanical failure or an unintentional act; except that, opera- 
tors must exercise caution recognizing the incident may be criminal in nature. 
Facility restoration is the final component of an industry security initiative. 
Specific plans will vary among operators based on the criticality of the pipelines 
and factors such as location and time of year. 

Security is woven into corporate governance through security policies, incident 
procedures, record keeping, communication, security measures embedded within de- 
sign and construction practices, as well as equipment maintenance and testing. To 
help maintain operational security, natural gas utilities are careful not to publicize 
clearly sensitive information about critical infrastructure that might provoke new 
threats, or endanger the safety of the American public or the integrity of the Na- 
tion’s gas systems. Gas companies work closely with law enforcement personnel and 
first responders on site-specific security plans and security drills. Additionally, gas 
utilities participate in security information-sharing communities such as the Down- 
stream Natural Gas Information Sharing & Analysis Center, which provides partici- 
pants with timely situational awareness, intelligence analytics, and industry inci- 
dent information exchange. 

Sector Coordinating Council 

In 2004, Sector Coordinating Councils were formed to coordinate security initia- 
tives among the Nation’s critical infrastructure assets. The Oil and Natural Gas 
Sector Coordinating Council (ONG SCO was formed by 19 industry trade associa- 
tions to provide a forum for discussion and to coordinate communications between 
industry security professionals and representatives of the Energy Sector Govern- 
ment Coordinating Council (Energy GCC^). Subsequent to the formation of the 
ONG see, the Pipeline Working Group (Pipeline Sector Coordinating Council) was 
formed to further enhance communication and collaboration among pipeline opera- 
tors and Government entities. 

Cooperation 

The pipeline industry takes its responsibility for facility, system, and network se- 
curity very seriously. The TSA provides guidance and expectations for the practices 
and procedures necessary to secure the Nation’s critical pipeline infrastructure. 
Members of industry and trade associations, working together and through the 
SCCs, have developed guidelines that are consistent with these expectations. The 
typical operator has a developed security program, has conducted facility risk as- 
sessments, and has implemented sound practices that provide for effective and prac- 
tical system security. 

The natural gas industry supports a process for raising public awareness about 
pipelines in a manner that does not jeopardize security, interstate commerce, or pro- 
prietary business information. In addition to close coordination amongst gas utilities 
to reinforce operational resilience, the industry works directly with Government 
partners in DHS, DOE, the White House, the Government intelligence community, 
and local and State law enforcement agencies to more thoroughly understand poten- 
tial threats and to better protect its systems. AGA and gas industry representatives 


2 Energy GCC: The Energy Sector Government Coordinating Council is chaired by a represent- 
ative of the Department of Energy, and the GCC includes members of numerous agencies, in- 
cluding TSA and DOT. 
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actively participate in interdependency initiatives coordinated by Federal and State 
governments to enhance preparedness, response, and recovery planning. For exam- 
ple, in 2010 and in support of the objectives of the National Infrastructure Protec- 
tion Plan, owner/operators across the oil and natural gas sector collaborated with 
DHS and DOE to present several cross-sector emergency management workshops 
aimed at promoting an integrated private sector and Government response during 
natural disasters and terrorist incidents. The gas industry also engaged with DOE, 
DHS, electric utility operators, and local law enforcement on a series of physical se- 
curity and cybersecurity briefings across the United States and Canada. These brief- 
ings allow Government officials to provide information on the current threat envi- 
ronment, discuss mitigation strategies, and encourage participants to further de- 
velop relationships with first responders and industry partners. Additionally, many 
utility security personnel hold Government security clearances, which allow access 
to Classified threat information to further develop security strategies. 

Resilience 

Resilience is an integral element of the gas industry’s critical infrastructure pro- 
tection mission that is bolstered by multiple layers of safety and reliability mecha- 
nisms to reduce the magnitude and/or duration of disruptive events and to ensure 
sufficient backup coverage exists. Because utilities must “expect the unexpected,” 
they have all-encompassing contingency plans for dealing with man-made and nat- 
ural disasters to help ensure natural gas will flow safely and reliably. The industry 
continues to work with Federal agencies to enhance the physical security and cyber- 
security of its critical infrastructure while remaining firmly committed to taking ap- 
propriate and measured actions to deter threats, mitigate vulnerabilities, and mini- 
mize consequences associated with a terrorist attack and other disasters. 

The National Infrastructure Advisory Council’s Critical Infrastructure Resilience 
Study found that the oil and natural gas sector has a significant amount of redun- 
dancy and robustness built into the system. Most pipelines are relatively easy to re- 
pair over the short term and in many cases, alternative routes are also available 
to move sufficient amounts of product around the site of an incident, thus pre- 
venting major disruptions. Moreover, redundancies are built into the pipeline infra- 
structure, including interconnects between companies. This planning and inter- 
connect capability ensures consumers with reliable service. 

TRANSPORTATION SECURITY ADMINISTRATION 

Pipeline Security Authority 

Under the provisions of the Aviation and Transportation Security Act (Public Law 
107-71), TSA was established on November 19, 2001, with responsibility for civil 
aviation security and “security responsibilities over other modes of transportation 
that are exercised by the Department of Transportation.” To fulfill this mandate in 
the pipeline mode, on September 8, 2002, TSA formed the Pipeline Security Divi- 
sion, which is now called the Pipeline Section of the Office of Security Policy and 
Industry Engagement (TSA Pipeline Section). 

Partnership 

The vast majority of critical infrastructure is privately owned and operated. As 
such, effective public-private partnerships are the foundation for critical infrastruc- 
ture protection and resilience strategies comprising timely, trusted, unguarded in- 
formation sharing among stakeholders. The TSA Pipeline Section recognized early 
on that the pipeline industry security professionals are charged with a parallel ob- 
jective, i.e., protect the critical infrastructure, and this is best accomplished in a col- 
laborative environment. Historically, TSA has strategically refrained from executing 
its regulatory authority and, instead, pioneered a path of genuine Government part- 
nership with pipeline owners/operators. Fourteen years later, this approach con- 
tinues to serve as a model for public/private partnership that offers collaboration, 
mutual support, and measurable achievement towards a common goal — pipeline se- 
curity. 

The partnership approach has established a bond between industry and Govern- 
ment that is uncommon across the Government/operator community and is measur- 
ably beneficial for all stakeholders. The operator knows best his/ber operations — 
what needs to be secured and how to best achieve this; TSA provides valuable tools, 
knowledge resources, insights, and perspectives that advances the operator’s deci- 
sion-making process. The end result is an improved security posture that benefits 
all involved, except the adversary. 
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Programs / Tools ! Products 

TSA has many programs, tools, and products available to assist pipeline operators 
in addressing security matters. The portfolio includes, Critical Facility Inspections 
(CFI), Corporate Security Reviews (CSR), Critical Facility Security Reviews (CFSR), 
Blast Mitigation, Smart Practices, I-STEP, monthly stakeholder teleconferences. Se- 
curity Awareness Training Videos, and the International Pipeline Security Forum. 
These resources bring Government and operators together and foster relationships 
and cooperative efforts that have been key to advancing industry pipeline security 
practices. 

TSA Pipeline Security Guidelines 

The leading tool in the TSA portfolio is the TSA Pipeline Security Guidelines 
(Guidelines), a product of collaboration that coalesced the institutional knowledge 
and experience of pipeline security professionals with the resources of the Federal 
Government. The Guidelines were developed with the assistance of industry and 
Government members of the Pipeline Sector and Government Coordinating Coun- 
cils, industry association representatives, and other interested parties and represent 
TSA’s expectations of industry. TSA released the Guidelines in December 2010 (re- 
released in April 2011), and it applies to natural gas distribution pipelines and liq- 
uefied natural gas facilities. Notably, the partnership between pipelines and TSA ef- 
fectively drives industry to advance beyond minimum security standards to the de- 
ployment of smart industry practices. The Guidelines provides operators the flexi- 
bility to secure pipeline infrastructure by applying practices that are most applica- 
ble to their individual systems. 

On-site Reviews ! Visits 

Equally significant in advancing industry’s security posture are non-regulatory, 
on-site facility reviews/visits. The CSRs and CFIs have historically been the pro- 
gram names for these reviews/visits conducted by the TSA Pipeline Section. The 
CSRs focused on the operators’ overall security plan. The CFIs focused on security 
plan implementation and actual day-to-day security practices at critical facilities. 
More recently, CFIs have been renamed as CFSRs. 

The CSRs are designed for TSA to focus on an operator’s overall security plan im- 
plementation through: (1) Learning more about an organization’s pipeline system, 
(2) reviewing an organization’s listing of critical facilities, (3) discussing at length 
the details of an organization’s security plan and programs, and (4) engaging with 
the operator to familiarize the operator with TSA and vice-versa prior to any secu- 
rity-related event or emergency. Following the review, TSA shares observations with 
that company, including a security benchmark so the company can compare itself 
with similar or peer companies. TSA discusses areas in which they observe the com- 
pany excelling in relation to the industry and smart practices. TSA also identifies 
areas in which the company is observed to be lacking and will make recommenda- 
tions based on the Guidelines or offer considerations based on their expertise and 
industry observations. TSA then follows up with each organization to see what 
progress has been made based on their recommendations. 

CFSRs are site-by-site walkthroughs at each critical facility focused on site-spe- 
cific security plans and measures. Following each review, TSA sends a report to the 
operator including commendations and recommendations. TSA then follows up with 
each operator to check in on the progress of recommendations. TSA also utilizes in- 
formation obtained during the reviews to develop security smart practices that are 
shared with the industry. 

The review/visits offer TSA a unique opportunity to engage in open, candid, non- 
punitive discussions with the operator. This affords TSA with a more holistic view 
of how the industry can be effective in its flexible use of the Guidelines and rein- 
forces the fact that constructive exchange between TSA and the operator is more 
useful for security planning than the “us versus them” compliance-audit environ- 
ment. Results of these reviews have been used to develop security “smart practices” 
that are shared widely throughout the industry. These programs have not only been 
a means of evaluating the actual security practices of the pipeline operators but 
have also been a means of promoting industry familiarity with the responsibilities 
and personnel of TSA. Thus, the collaboration between TSA and the pipeline oper- 
ator is a mutually beneficial relationship that cannot be undervalued. 

Stakeholder Teleconferences 

For wider participation, TSA holds monthly stakeholder calls to share physical 
and cyber threat and intelligence information with industry. Following notable secu- 
rity events, TSA conducts more frequent calls and sends out relevant information 
to industry stakeholders. 
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Additional Engagement Opportunities 

Industry and TSA annually convene to go through the Transportation Sector Se- 
curity Risk Assessment. This exercise includes evaluating a list of scenarios and de- 
termining the likelihood of such an event. Both also collaborate on the development 
of Pipeline Modal Threat Assessment prepared by the TSA Office of Intelligence and 
Analysis. 

In addition to the Guidelines and TSA products, the pipeline industry references 
and implements multiple resources, programs, and standards from wellhead to the 
meter as appropriate for the company’s operations. Such resources include American 
Petroleum Institute Recommended Practices and standards, DOE Oil & Natural Gas 
Cybersecurity Capability Maturity Model, SANS Institute cybersecurity standards, 
and the North American Electric Reliability Corporation Critical Infrastructure Pro- 
tection Committee standards. The pipeline industry also coordinates initiatives with 
other critical infrastructure sectors, including but not limited to Chemical, Energy, 
Communications, and Financial Sectors as well as other modes within the Transpor- 
tation Sector. 

To Regulate or Not To Regulate 

The formula that promotes on-going improvements to the pipeline industry’s secu- 
rity posture consists of the partnership, the Guidelines, and the operator facility vis- 
its by TSA. 

The Guidelines has a common goal with the pipeline operator to promote the secu- 
rity pipeline infrastructure while recognizing operational, structural, and commodity 
differences across the pipeline industry. This performance-based approach supports 
the flexibility needed for operators to address the dynamic security threats specific 
to their operations in different operating settings. 

The CSRs, CFIs, and CFSRs demonstrate the owner/operators’ actions to follow 
the Guidelines. According to TSA, there have been 347 CFIs, 154 CSRs, and 151 
CFSRs to date. Each of the visits resulted in TSA recommendations to the operator 
to which 85-90% of the recommendations have already been addressed by the oper- 
ator, and the remaining recommendations are in the process of being addressed, or 
the operator found a better way of achieving the objective of the recommendation. 
TSA has gone on record stating that based on its CSRs and other information, pipe- 
line operators already employ most of these recommendations in their security plans 
and programs. 

In addition to partnering with TSA, pipelines must comply with DOT pipeline 
safety regulations, which require the incorporation of system fail-safes that in many 
cases protect against the goals of the adversary; in the case of natural gas utilities, 
this would apply to system over-pressurization, intrastate pipeline must also comply 
with State pipeline safety regulations that go above and beyond DOT’s regulations. 

Improving on TSA’s Role 

In January 2014, TSA announced a significant organizational realignment that 
dismantled effective programs (previously highlighted) and processes both the Gov- 
ernment and the operators had benefited from. During the realignment, it was the 
intent of DHS to have generalists (i.e., TSA representatives who work all transpor- 
tation modes) to conduct the CFSRs. In practice, this proved ineffective as the visits 
focused more on educating the TSA generalist about pipeline security than on bilat- 
eral value gained. Ostensibly, the impetus for the realignment was to sustain TSA’s 
effectiveness and to remove the stove-piping amongst the various modes. Industry 
representatives expressed concern over the reorganization, as this realignment was 
done without engagement of the operator community. 

AGA worked with Congressional staff and TSA staff to facilitate a meeting be- 
tween TSA leadership and industry to discuss the reorganization. After extensive 
pressure from pipeline operators and a measurable decline in TSA’s engagement 
with industry, TSA reversed the realignment and returned to a model similar to the 
original. Because most of the original well-trained TSA pipeline staff had been reas- 
signed elsewhere, the program is slowly rebuilding. AGA credits the leadership of 
Ms. Sonya Proctor, director, surface division, office of security policy and industry 
engagement, for recognizing the ineffectiveness of the realignment, the need to re- 
turn to the original model, and the need to fill open pipeline security positions with 
qualified candidates. TSA is strongly encouraged to ramp up the CFSR program 
with reviewers who already understand pipeline operations, as was the case prior 
to the realignment efforts. 

Further, industry has invested a great deal of resources working with the Govern- 
ment intelligence community to ensure the timely sharing of actionable information. 
Though certain groups, such as DHS Industrial Control Systems Cyber Emergency 
Response Team (ICS-CERT), recognize the value of this, others within the intel- 
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ligence community (outside of DHS) do not necessarily a^ee. TSA should be posi- 
tioned and empowered to be a conduit of threat information that has implications 
to pipeline operations. This would include information that could impact sectors/in- 
frastructure upon which pipeline operations are dependent or which have operations 
similar to pipelines, e.g., SCADA. Along these same lines, more Government re- 
sources should be invested to provide well-trained and -equipped pipeline security 
professionals across the Nation to conduct more facility reviews and noncompliance 
visits. 


PHMSA 

Security and safety go hand-in-hand. As prescribed in Title 49 of the Code of Fed- 
eral Regulations, pipeline safety, including emergency management, has been the 
purview of DOT through PHMSA’s Office of Pipeline Safety. Prior to events of Sep- 
tember 11, 2001, the Homeland Security Act of 2002, Homeland Security Presi- 
dential Directive 7 (December 17, 2003), and the Aviation & Transportation Security 
Act of 2001, pipeline security was under the purview of DOT, where it played a less 
prominent role than pipeline safety. In September of 2004, a Memorandum of Un- 
derstanding (MOU) was signed by representatives of DHS and DOT memorializing 
an agreement of respective pipeline security roles and responsibilities; “DOT and 
DHS will collaborate in regulating the transportation of hazardous materials by all 
modes (including pipelines).” Additionally, in August 2006, an MOU was signed by 
TSA and PHMSA to clarify that TSA has primary responsibility for pipeline security 
and formalize coordination between TSA and PHMSA to ensure that pipeline secu- 
rity and pipeline safety complement one another: “PHMSA is responsible for admin- 
istering a National program of safety in natural gas and hazardous liquid pipeline 
transportation including identifying pipeline safety concerns and developing uniform 
safety standards.” 

The emergency response practices prescribed by DOT are used in the event of any 
incident, whether intentional or accidental. All involved parties must work coopera- 
tively with law enforcement, local agencies, and first responders to minimize dam- 
age and danger to local communities and critical facilities. 

Coordination 

For a number of years following the 2006 MOU, PHMSA was actively engaged 
with TSA activities, including the development of the Guidelines. However, more re- 
cent experiences suggest that PHMSA has lost its focus on cybersecurity. For exam- 
ple, PHMSA has proposed significant changes to its National Pipeline Mapping Sys- 
tem that would require operators to provide very detailed pipeline operations and 
location information, including information on critical valves, on-line in a single 
database, and this information would be made widely available. PHMSA’s actions 
suggest pipeline cybersecurity is an afterthought rather than part of the evaluation 
process. 


SUMMARY 

Natural gas utilities value the collaborative security relationship they have with 
TSA. TSA is to be commended for choosing the more constructive path, i.e., 
partnering with owners/operators, to improving the pipeline sector’s security pos- 
ture. Furthermore, compliance does not equate to security. The formula for the 
measurable effectiveness of TSA is the result of practical guidelines, smart prac- 
tices, information exchange, and trusted engagement with the private sector. TSA 
should continue the process of reversing its earlier realignment efforts and return 
to the model of a dedicated group of TSA staff with knowledge and experience in 
pipeline operations specifically assigned to pipeline security. TSA should also con- 
tinue to coordinate with PHMSA where pipeline security and pipeline safety over- 
lap. Along the same lines, PHMSA should be more proactive in consulting with TSA 
on pipeline safety matters, in particular regarding regulations that have security 
implications and may increase pipeline vulnerability. 

Mr. Katko. Thank you, Ms. Judge for your testimony. We appre- 
ciate you being here today. 

Our fourth and final witness is Dr. Paul Parfomak. Did I say 
that correctly? 

Mr. Parfomak. Perfect. 

Mr. Katko [continuing]. Who currently serves as a specialist in 
the energy and infrastructure policy at the Congressional Research 
Service. The Chair now recognizes Dr. Parfomak to testify. 
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STATEMENT OF PAUL W. PARFOMAK, SPECIALIST IN ENERGY 

AND INFRASTRUCTURE POLICY, CONGRESSIONAL RE- 
SEARCH SERVICE, LIBRARY OF CONGRESS 

Mr. Parfomak. Good afternoon, Chairman Katko, Ranking Mem- 
ber Rice, and Members of the subcommittee. My name is Paul 
Parfomak, specialist in energy and infrastructure policy at the Con- 
gressional Research Service. CRS appreciates the opportunity to 
testify about the Federal role in pipeline security. Please note that 
CRS does not advocate policy or take a position on any legislation. 

Nearly 3 million miles of pipeline transport natural gas, oil, and 
other hazardous liquids across the continental United States. Due 
to their scale and reliance on computer controls, the Nation’s pipe- 
lines are vulnerable to attack, and repeatedly have been a focus of 
malicious activity. Major incidents include a plot by Islamist terror- 
ists to attack jet fuel pipelines at JFK Airport, attempted bombings 
of natural gas pipelines in Texas and Oklahoma, and a coordinated 
campaign of cyber intrusions among pipeline operator computer 
systems. 

Over the last 15 years, there have been no successful pipeline at- 
tacks in the United States. But the threat remains credible. The 
Department of Transportation has statutory authority to regulate 
pipeline safety. The Clinton administration gave the DOT lead re- 
sponsibility for pipeline security as well. In 2001, however. Presi- 
dent Bush placed pipeline security authority within the newly-es- 
tablished Transportation Security Administration. Since its incep- 
tion, TSA has administered a multifaceted pipeline security pro- 
gram centered around its corporate security reviews. The agency 
also inspects critical facilities, participates in security committees, 
and provides training, among many other activities. 

While TSA has been engaged in a broad range of activities to 
help secure pipelines, questions remain about the overall structure 
and effectiveness of its pipeline security program. Three specific 
issues may warrant Congressional attention. No. 1, TSA’s pipeline 
security resources. No. 2, voluntary versus mandatory standards. 
No. 3, uncertainty about pipeline security risks. 

TSA’s budget funds on the order of 10 to 15 full-time equivalent 
staff to support the various aspects of its pipeline security program. 
There is concern by some that this level of resources may not sup- 
port rigorous and timely review of security plans and inspection of 
facilities Nation-wide. TSA’s handful of pipeline staff accomplish a 
great deal, but they stand in contrast to over 700 staff in the other 
surface transportation modes at TSA, which excludes aviation. 
Over 500 pipeline safety staff available to the DOT. Given this dis- 
parity, it is logical to consider whether TSA’s pipeline security re- 
sources should be increased, or whether DOT staff who inspect the 
same pipeline systems as TSA could somehow be deployed to help 
meet security objectives. 

Although TSA has the statutory authority to regulate pipeline se- 
curity, the agency has not promulgated such regulations. TSA as- 
serts that its voluntary approach is more effective than mandatory 
standards. Canadian regulators, however, have come to a different 
conclusion. They do regulate pipeline security. Likewise, the U.S. 
Federal Energy Regulatory Commission has ordered mandatory 
cyber and physical security standards for the bulk electric power 
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system which faces threats and vulnerabilities similar to pipelines. 
Canada’s and FERC’s decisions to regulate security raise questions 
as to the relative merits of a voluntary versus a regulatory ap- 
proach to pipeline security. 

TSA’s pipeline threat assessment published in 2011 concluded 
with high confidence that the terrorist threat to the U.S. pipeline 
industry was low. No subsequent assessments are publicly avail- 
able. However, recent events have increased concerns about pipe- 
line system threats, especially cyber threats because the pipeline 
industry security risk assessments rely upon information from the 
Federal Government, uncertain or outdated threat information may 
lead to inconsistent security plans, inefficient spending of security 
resources, or deployment of security measures against the wrong 
threat. 

In conclusion, the Nation’s pipelines have proven to be both vul- 
nerable to attacks and attractive to malicious actors. A strong Fed- 
eral pipeline security program is clearly necessary. Real bombs 
have been planted, computer systems have been attacked, and per- 
petrators have been imprisoned. TSA identifies many activities 
under its Pipeline Security Program. But they are performed with 
constrained resources. While both the TSA and industry are en- 
gaged in pipeline security, questions have been raised as to their 
level of capability and how effective their efforts have actually 
been. Under TSA’s current approach, it is difficult to know for cer- 
tain. 

Furthermore, while there have been no publicly-reported success- 
ful attacks on U.S. pipelines in recent years, existing security 
measures did not prevent attackers from planting explosive devices 
along U.S. pipelines on 2 separate occasions. If Congress concludes 
that TSA’s current efforts are insufficient, it may decide to provide 
additional resources to support them, or specifically, direct TSA to 
develop pipeline security regulations. Congress also may direct 
TSA to focus additional attention on understanding pipeline 
threats, and to assess how the various elements of U.S. pipeline 
safety and security fit together. 

Thank you for the opportunity to appear before the committee. 
I will be happy to answer any questions. 

[The prepared statement of Mr. Parfomak follows:] 

Prepared Statement of Paul W. Parfomak 
April 19, 2016 

Good morning Chairman Katko, Ranking Member Rice, and Members of the sub- 
committee. My name is Paul Parfomak, Specialist in Energy and Infrastructure Pol- 
icy at the Congressional Research Service (CRS). CRS appreciates the opportunity 
to testify here today about the evolution of and current Federal role in pipeline secu- 
rity. Please note that, in accordance with our enabling statutes, CRS does not advo- 
cate policy or take a position on any related legislation. 

INTRODUCTION 

Nearly 3 million miles of pipeline transporting natural gas, oil, and other haz- 
ardous liquids crisscross the United States. While an efficient and comparatively 
safe means of transport, these pipelines carry materials with the potential to cause 
public injury, destruction of property, and environmental damage. The Nation’s 
pipeline network is also widespread, running alternately through remote and dense- 
ly-populated regions. Pipelines are operated by increasingly sophisticated computer 
systems which manage their product flows and provide continuous information on 
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their status. Due to their scale, physical exposure, and reliance on computer con- 
trols, pipelines are vulnerable to accidents, operating errors, and malicious attacks. 

Congress has had long-standing concern about the security of the Nation’s pipe- 
line network. Beginning with the Aviation and Transportation Security Act of 2001 
(Pub. L. 107-71), which established the Transportation Security Administration, 
and continuing through the PIPES Act of 2006 (Pub. L. 109^68) and the Imple- 
menting Recommendations of the 9/11 Commission Act of 2007 (Pub. L. 110-53), 
Congress has enacted specific statutory provisions to help secure pipelines. Like- 
wise, successive Presidential administrations have promulgated executive orders es- 
tablishing a Federal framework for the security of pipelines, among other critical 
infrastructure. The 114th Congress is overseeing the implementation of the Federal 
pipeline security program and considering new legislation related to the Nation’s 
pipeline systems. In particular, the SAFE PIPES Act (S. 2776), which reauthorizes 
the Federal pipeline safety program, would also mandate a report to Congress on 
the staffing, resource allocation, oversight strategy, and management of the Federal 
pipeline security program (§ 20). 

Physical Threats to Pipeline Security 

Pipelines are vulnerable to intentional attacks using firearms, explosives, or other 
physical means. Oil and gas pipelines, globally, have been a favored target of terror- 
ists, militant groups, and organized crime. For example, in 1996, London police 
foiled a plot by the Irish Republican Army to bomb gas pipelines and other utilities 
across the city.^ In Colombia, rebels have bombed the Canon Lemon oil pipeline and 
other pipelines hundreds of times since 1993, most recently last March.^ Likewise, 
militants in Nigeria have repeatedly attacked oil pipelines, including coordinated 
bombings of 3 pipelines in 2007 and the sophisticated bombing of an underwater 
pipeline in 2016.^ A rebel group detonated bombs along Mexican oil and natural gas 
pipelines in July and September 2007.’^ Natural gas pipelines in British Columbia, 
Canada, were bombed 6 times between October 2008 and July 2009 by unknown 
perpetrators in acts classified by authorities as environmentally motivated “domes- 
tic terrorism.”® In 2009, the Washington Post reported that over $1 billion of crude 
oil had been stolen directly from Mexican pipelines by organized criminals and drug 
cartels.® 

Pipelines in the United States have also been targeted by terrorists and other ma- 
licious individuals. In 1999, Vancouver police arrested a man planning to bomb the 
Trans Alaska Pipeline System (TAPS) for personal profit in oil futures.'^ In 2005 a 
U.S. citizen sought to conspire with al-Qaeda to attack TAPS and a major natural 
gas pipeline in the eastern United States.® In 2006 Federal authorities acknowl- 
edged the discovery of a detailed posting on a website purportedly linked to al- 
Qaeda that reportedly encouraged attacks on U.S. pipelines, especially TAPS, using 
weapons or hidden explosives.® In 2007, the U.S. Department of Justice arrested 
members of a terrorist group planning to attack jet fuel pipelines and storage tanks 
at the John F. Kennedy International Airport.^® In 2011, a man planted a bomb, 
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which did not detonate, along a natural gas pipeline in Oklahoma.i^ In 2012, a man 
who reportedly had been corresponding with “Unabomber” Ted Kaczynski unsuc- 
cessfully bombed a natural gas pipeline in Plano, Texas. To date, there have been 
no successful bombings of U.S. pipelines, but the threat of physical attacks remains 
credible. 

Cyber Threats to Pipelines 

Although physical attacks on pipelines have been a focus in North America and 
elsewhere, the sophisticated computer systems used to operate pipeline systems are 
also vulnerable to cyber attacks. Cyber infiltration of supervisory control and data 
acquisition (SCADA) systems could allow “hackers” to disrupt pipeline service and 
cause spills, explosions, or fires — all from remote locations via the internet or other 
communication pathways. Such an approach reportedly was used to cause the 2008 
explosion of the Baku-Tbilisi-Ceyhan oil pipeline in Turkey. 

In March 2012, the Industrial Control Systems Cyber Emergency Response Team 
housed within the Department of Homeland Security identified an on-going series 
of cyber intrusions among U.S. natural gas pipeline operators dating back to Decem- 
ber 2011. According to the agency, various pipeline companies described targeted 
spear-phishing attempts and intrusions into multiple natural gas pipeline sector 
organizations “positively identified ... as related to a single campaign.”^® In 2011, 
computer security company McAfee reported similar “coordinated covert and tar- 
geted” cyber attacks originating primarily in China against global energy compa- 
nies. The attacks began in 2009 and involved spear-phishing, exploitation of Micro- 
soft software vulnerabilities, and the use of remote administration tools to collect 
sensitive competitive information about oil and gas fields. In 2010, the Stuxnet 
computer worm was first identified as a threat to industrial control systems. Al- 
though the Stuxnet software initially spreads indiscriminately, the software in- 
cludes a highly specialized industrial process component targeting specific industrial 
SCADA systems built by the Siemens company.!^ The increased vulnerability of 
pipeline SCADA systems due to their modernization, taken together with the emer- 
gence of SCADA-specific malicious software and the recent cyber attacks, suggests 
that cybersecurity threats to pipelines have been increasing. 

Potential Consequences of Pipeline Releases 

Although there have been no intentional releases from U.S. pipelines due to 
bombing or cyber attacks, accidental releases may illustrate the potential con- 
sequences of a successful attack. Pipeline accidents in the United States, on the 
whole, cause few fatalities compared to other product transportation modes, but 
such accidents have been catastrophic in several cases. For example, a 1999 gasoline 
pipeline accident in Bellingham, WA, killed 3 people and caused $45 million in dam- 
age to a city water plant and other property.^® In 2000, a natural gas pipeline acci- 
dent near Carlsbad, NM, killed 12 campers. A 2010 natural gas pipeline explosion 
in San Bruno, CA, killed 8 people, injured 60 others, and destroyed 37 homes.^® A 


i^U.S. Attorney’s Office, “Konawa Man Sentenced for Attempting to Destroy or Damage Prop- 
erty Using an Explosive,” press release, December 5, 2012. 

i^Valerie Wigglesworth, “Plano Blast Suspect Corresponded with Unabomber,” Dallas Morn- 
ing News, June 29, 2014; U.S. Attorney’s Office, “Plano Man Guilty in Pipeline Bombing Inci- 
dent,” press release, June 3, 2013. 

Jordan Robertson and Michael Riley, “Mysterious ’08 Turkey Pipeline Blast Opened New 
Cyberwar,” Bloomberg, December 10, 2014. 

11 “Spear-phishing” involves sending official-looking e-mails to specific individuals to insert 
harmful software programs (malware) into protected computer systems; to gain unauthorized ac- 
cess to proprietary business information; or to access confidential data such as passwords, social 
security numbers, and private account numbers. 

1® Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), “Gas Pipeline 
Cyber Intrusion Campaign,” ICS-CERT Monthly Monitor, April 2012, p.l, http:/ Iwww.us- 
cert.gov / control systems / pdf / ICS-CERT Monthly Monitor Apr2012.pdf. 

1® McAfee Foundstone Professional Services and McAfee Labs, Global Energy Cyberattacks: 
“Night Dragon,” white paper, February 10, 2011, p. 3, http:/ I www.mcafee.com /us /resources! 
white-papers / wp-global-energy-cyberattacks-night-dragon.pdf. 

11 Tobias Walk, “Cyber-attack Protection for Pipeline SCADA Systems,” Pipelines Inter- 
national Digest, January 2012, p. 7. 

13 National 'Transportation Safety Board, Pipeline Rupture and Subsequent Fire in Bel- 
lingham, Washington June 10, 1999, NTSB/PAR— 02/02, October 8, 2002. 

13 National Transportation Safety Board, Natural Gas Pipeline Rupture and Fire Near Carls- 
bad, New Mexico August 19, 2000, NTSB/PAR— 03— 01, February 11, 2003. 

33 National Transportation Safety Board, Pacific Gas and Electric Company Natural Gas 
Transmission Pipeline Rupture and Fire, San Bruno, California, September 9, 2010, NTSB/PAR— 
11/01, August 30, 2011. 
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2010 pipeline spill released 819,000 gallons of crude oil into a tributary of the Kala- 
mazoo River near Marshall, MI.^i A 2014 natural gas distribution pipeline explosion 
in New York City killed 8 people, injured 50 others, destroyed 2 5-story buildings, 
and caused the temporary closure of a transit line due to debris. Such accidents 
demonstrate the potential risk to human life, property, and the environment. Dis- 
ruption of service from these pipelines also caused economic and operational impacts 
among the pipelines’ customers. Such accidents have generated substantial scrutiny 
of pipeline regulation and increased State and community activity related to pipe- 
line safety and security.^® 

THE FEDERAL ROLE IN PIPELINE SECURITY 

Federal pipeline security efforts originated in the pipeline safety program. The 
Natural Gas Pipeline Safety Act of 1968 (Pub. L. 90-481) and the Hazardous Liquid 
Pipeline Act of 1979 (Pub. L. 96-129) are 2 of the principal early acts establishing 
the Federal role in pipeline safety. Under both statutes, the Transportation Sec- 
retary is given primary authority to regulate key aspects of inter-State pipeline safe- 
ty: Design, construction, operation and maintenance, and spill response planning. At 
the end of fiscal year 2015, the Department of Transportation (DOT) employed 234 
pipeline safety staff in its Pipeline and Hazardous Materials Safety Administration 
(PHMSA).24 In addition to its own staff, PHMSA’s enabling legislation allows the 
agency to delegate authority to intra-State pipeline safety offices, and allows State 
offices to act as “agents” administering inter-State pipeline safety programs (exclud- 
ing enforcement) for those sections of inter-State pipelines within their bound- 
aries.2® There were approximately 330 full-time equivalent State pipeline safety in- 
spectors in 2015.^® 

Presidential Decision Directive 63, issued by the Clinton administration in 1998, 
assigned to the DOT lead responsibility for pipeline security as well as safety.^^ 
Under this authority, after the terrorist attacks of September 11, 2001, the DOT 
conducted a vulnerability assessment to identify critical pipeline facilities and 
worked with industry groups and State pipeline safety organizations to assess the 
industry’s readiness to prepare for, withstand, and respond to a terrorist attack.^® 
Together with the Department of Energy and State pipeline agencies, the DOT pro- 
moted the development of consensus standards for security measures^® tiered to 
correspond with the 5 levels of threat warnings issued by the Office of Homeland 
Security.®® The DOT also developed protocols for inspections of critical facilities to 
ensure that operators implemented appropriate security practices. To convey emer- 
gency information and warnings, the DOT established a variety of communication 
links to key staff at the most critical pipeline facilities throughout the country. The 
DOT also began identifying near-term technology to enhance deterrence, detection, 
response, and recovery, and began seeking to advance public and private-sector 
planning for response and recovery.®^ 
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ness, December 2001. 

22 See: American Petroleum Institute and National Petrochemical and Refiners Association, 
Security Vulnerability Assessment Methodology for the Petroleum and Petrochemical Industries, 
March 2002; Interstate Natural Gas Association of America (INGAA) and American Gas Asso- 
ciation (AGA), Security Guidelines for the Natural Gas Industry, September 2002. 

®2 Ellen Engleman, Administrator, Research and Special Programs Administration (RSPA), 
statement before the Subcommittee on Energy and Air Quality, House Energy and Commerce 
Committee, March 19, 2002. 

Ellen Engleman, Administrator, Research and Special Programs Administration (RSPA), 
statement before the Subcommittee on Highways and Transit, House Transportation and Infra- 
structure Committee, February 13, 2002. 



27 


In September 2002, the DOT circulated formal guidance developed in cooperation 
with the pipeline industry associations defining the agency’s security program rec- 
ommendations and implementation expectations. This guidance recommended that 
operators identify critical facilities, develop security plans consistent with prior 
trade association security guidance, implement these plans, and review them annu- 
ally. ^2 While the guidance was voluntary, the DOT expected compliance and in- 
formed operators of its intent to begin reviewing security programs within 12 
months, potentially as part of more comprehensive safety inspections.^® 

Transferring Pipeline Security to TSA 

In November 2001, President Bush signed the Aviation and Transportation Secu- 
rity Act (Puh. L. 107-71) establishing the Transportation Security Administration 
(TSA) within the DOT. According to TSA, the act placed the DOT’s pipeline security 
authority (under PDD-63) within TSA. The act specified for TSA a range of duties 
and powers related to general transportation security, such as intelligence manage- 
ment, threat assessment, mitigation, and security measure oversight and enforce- 
ment, among others. On November 25, 2002, President Bush signed the Homeland 
Security Act of 2002 (Pub. L. 107-296) creating the Department of Homeland Secu- 
rity (DHS). Among other provisions, the act transferred to DHS the Transportation 
Security Administration from the DOT (§ 403). On December 17, 2003, President 
Bush issued Homeland Security Presidential Directive 7 (HSPD-7), clarifying execu- 
tive agency responsibilities for identifying, prioritizing, and protecting critical infra- 
structure. HSPD-7 maintains DHS as the lead agency for pipeline security (par. 
15), and instructs the DOT to “collaborate in regulating the transportation of haz- 
ardous materials by all modes (including pipelines)” (par. 22h). The order requires 
that DHS and other Federal agencies collaborate with “appropriate private sector 
entities” in sharing information and protecting critical infrastructure (par. 25). TSA 
joined both the Energy Government Coordinating Council and the Transportation 
Government Coordinating Council under provisions in HSPD-7. The missions of the 
councils are to work with their industry counterparts to coordinate critical infra- 
structure protection programs in the energy and transportation sectors, respectively, 
and to facilitate the sharing of security information. 

HSPD-7 also required DHS to develop a National plan for critical infrastructure 
and key resources protection (par. 27), which the agency issued in 2006 as the Na- 
tional Infrastructure Protection Plan (NIPP). The NIPP, in turn, required each crit- 
ical infrastructure sector to develop a Sector-Specific Plan (SSP) that describes 
strategies to protect its critical infrastructure, outlines a coordinated approach to 
strengthen its security efforts, and determines appropriate funding for these activi- 
ties. Executive Order 13416 further required the transportation sector SSP to pre- 
pare annexes for each mode of surface transportation.®® In accordance with the 
above requirements the TSA issued its Transportation Systems Sector-Specific Plan 
and Pipeline Modal Annex in 2007 with an update on 2010. 

tsa’s pipeline security activities 

Although the TSA has regulatory authority for pipeline security under Pub. L. 
107-71 and Pub. L. 110-53, its activities to date have relied upon voluntary indus- 
try compliance with the agency’s security guidance and best practice recommenda- 
tions.®® TSA has administered a multifaceted program to facilitate these efforts. In 
2003, TSA initiated its on-going Corporate Security Review (CSR) program, wherein 
the agency visits the largest pipeline and natural gas distrihution operators to re- 
view their security plans and inspect their facilities. During the reviews, TSA evalu- 
ates whether each company is following the intent of the DOT’s voluntary security 
guidance, as updated by TSA, and seeks to maintain the list of assets each company 
has identified meeting the criteria established for critical facilities. In 2008, the TSA 
initiated its Critical Facility Inspection Program (CFI), under which the agency con- 
ducted in-depth inspections of all the critical facilities of the 125 largest pipeline 
systems in the United States. The agency estimated that these 125 pipeline systems 


®2 James K. O’Steen, Research and Special Programs Administration (RSPA), Implementation 
ofRSPA Security Guidance, presentation to the National Association of Regulatory Utility Com- 
missioners, February 25, 2003. 
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33 Transportation Security Administration, Pipeline Security Guidelines, April 2011, and Pipe- 
line Security Smart Practice Observations, September 19, 2011. 
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collectively included approximately 600 distinct critical facilities.^'^ TSA concluded 
the initial round of CFI inspections in 2011, having completed a total of 347 site 
visits throughout the United States.^® 

Over the last decade, TSA has engaged in a number of additional pipeline security 
initiatives, including: 

• Developing a statistical tool used for relative risk ranking and prioritization, 

• Completing a security incident and recovery protocol plan mandated under Pub. 
L. 110-53, 

• Initiating a program to address risks from pipeline transportation of hazardous 
materials other than oil and natural gas, 

• Assessing U.S. and Canadian security and planning for critical cross-border 
pipelines, 

• Convening international pipeline security forums for U.S. and Canadian govern- 
ments and pipeline industry officials, 

• Facilitating pipeline security drills and exercises including those under the 
Intermodal Security Training Exercise Program (I-STEP), 

• Developing pipeline security awareness training materials, 

• Convening periodic information-sharing conference calls between key pipeline 
security stakeholders, and 

• Participating in Sector Coordinating Councils and Joint Sector Committees.^® 

In addition to these activities, TSA has also conducted regional supply studies for 

key natural gas markets, has conducted training on cybersecurity awareness, has 
participated in pipeline blast mitigation studies, and has joined in “G-8” multi- 
national security assessment and planning."^® 

Pipeline Cybersecurity Initiatives 

Pipeline cybersecurity is an element of several Eederal initiatives within DHS.'^^ 
Eor example, TSA has included a number of general cybersecurity provisions in its 
industry security guidance^® and has encouraged industry compliance with the Na- 
tional Institute of Standards and Technology (NIST) Framework for Improving Crit- 
ical Infrastructure Cybersecurity TSA has also employed the http:! ! 
www.nist.gov ! cyberframework / upload / cybersecurity-framework-021214.pdf. 

Cybersecurity Assessment and Risk Management Approach (CARMA) in collabo- 
rating with key stakeholders to identify pipeline industry value chains, critical func- 
tions, and supporting cyber infrastructure.^'^ The agency has also coordinated with 
DHS and the Department of Energy to harmonize existing cybersecurity risk man- 
agement programs. Pipelines are also included in DHS’s multi-modal cybersecurity 
initiatives, such as its Industrial Control Systems Cyber Emergency Response Team 
(ICS-CERT).'‘® The TSA also has established a public/private partnership-based cy- 
bersecurity program supporting the National Infrastructure Protection Plan. Pipe- 
line operators have participated in DHS-sponsored control systems cybersecurity 


Department of Homeland Security, “Extension of Agency Information Collection Activity 
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training and also participate in the DHS Industrial Control Systems Joint Working 
Group.''® 

Outside DHS, the Department of Energy operates the National SCADA Test Bed 
Program, a partnership with Idaho National Laboratory, Sandia National Labora- 
tories, and other National laboratories which addresses control system security chal- 
lenges in the energy sector. Among its key functions, the program performs control 
systems testing, research and development; control systems requirements develop- 
ment; and industry outreach.''’^ Sandia Laboratories also performs authorized defen- 
sive cybersecurity assessments for Government, military, and commercial customers 
through its Information Design Assurance Red Team (IDART) program.''® 

The Relationship Between DOT and TSA 

Since TSA was established. Congress has had a continuing interest in the appro- 
priate division of pipeline security authority between the DOT and TSA.''® Both the 
DOT and TSA have played important roles in the Federal pipeline security program, 
with TSA the designated lead agency since 2002. In 2004, the DOT and DHS en- 
tered into a memorandum of understanding (MOU) concerning their respective secu- 
rity roles in all modes of transportation. The MOU notes that DHS has the primary 
responsibility for transportation security with support from the DOT, and estab- 
lishes a general framework for cooperation and coordination. On August 9, 2006, the 
departments signed an annex “to delineate clear lines of authority and responsibility 
and promote communications, efficiency, and nonduplication of effort through co- 
operation and collaboration between the parties in the area of transportation secu- 
rity.”®® 

In January 2007, DOT officials testified before Congress that the agency had es- 
tablished a joint working group with TSA “to improve interagency coordination on 
transportation security and safety matters, and to develop and advance plans for 
improving transportation security,” presumably including pipeline security.®' Ac- 
cording to TSA, the working group developed a multi-year action plan specifically 
delineating roles, responsibilities, resources, and actions to execute 11 program ele- 
ments: Identification of critical infrastructure/key resources and risk assessments; 
strategic planning; developing regulations and guidelines; conducting inspections 
and enforcement; providing technical support; sharing information during emer- 
gencies; communications; stakeholder relations; research and development; legisla- 
tive matters; and budgeting.®^ Nonetheless, a DOT Inspector General (IG) assess- 
ment published May 2008 was not satisfied with this plan. The IG report stated 
that, although the agencies 

“have taken initial steps toward formulating an action plan to implement the provi- 
sions of the pipeline security annex . . . further actions need to be taken with a 
sense of urgency because the current situation is far from an ‘end state’ for enhanc- 
ing the security of the Nation’s pipelines.”®® 

The assessment recommended that the DOT and TSA finalize and execute their se- 
curity annex action plan, clarify their respective roles, and jointly develop a pipeline 
security strategy that maximizes the effectiveness of their respective capabilities 
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and efforts.®"* According to TSA, working with the DOT “improved drastically” after 
the release of the IG report; the 2 agencies began maintaining daily contact, sharing 
information in a timely manner, and collaborating on security guidelines and inci- 
dent response planning.®® 


KEY POLICY ISSUES 

While the Federal Government has been engaged in various efforts to protect the 
Nation’s oil and natural gas pipelines from deliberate attacks since September 11, 
2001, questions remain regarding the structure and effectiveness of these efforts. 
Three specific issues, in particular, may warrant further Congressional consider- 
ation: (1) TSA’s pipeline security resources, (2) voluntary versus mandatory security 
standards, and (3) uncertainty about security risks to the Nation’s pipeline network. 

TSA Pipeline Security Resources 

Some Members of Congress have been critical in the past of TSA’s level of funding 
of non-aviation security activities, including pipeline activities. For example, as one 
Member remarked in 2005, “aviation security has received 90% of TSA’s funds and 
virtually all of its attention. There is simply not enough being done to 
address . . . pipeline security.”®® At a Congressional hearing in 2010, another 
Member expressed concern that TSA’s pipeline division did not have sufficient staff 
to carry out a Federal pipeline security program on a National scale.®'^ With respect 
to pipeline security funding, little may have changed since 2005. The President’s fis- 
cal year 2017 budget request for DHS does not include a separate line item for 
TSA’s pipeline security activities. The budget does request $110.8 million for “Sur- 
face Transportation Security,” which encompasses security activities in non-aviation 
transportation modes, including pipelines. The budget would fund 761 full-time 
equivalent (FTE) employees.®® TSA’s pipeline branch has traditionally received from 
the agency’s general operational budget an allocation for routine operations, travel, 
and outreach. The budget historically has funded on the order of 10 to 15 FTE staff 
to carry out the agency’s pipeline security program.®® 

At its current staffing level, TSA’s pipelines branch has limited field presence for 
pipeline site visits, and has constrained capabilities for updating standards, inter- 
acting in the various stakeholder groups with which it collaborates, analyzing secu- 
rity information, and fulfilling other administrative responsibilities. In conducting 
a pipeline corporate security review, for example, TSA typically sends 1 to 3 staff 
to hold a 3- to 4-hour interview with the operator’s security representatives followed 
by a visit to only 1 or 2 of the operator’s pipeline assets.®® There is concern by some 
that the agency’s GSRs (as currently structured) may not allow for rigorous security 
plan verification nor a credible threat of enforcement, so operator compliance with 
security guidance is uncertain. The limited number of GSR’s the agency can com- 
plete in a year has also been a concern to some, even within TSA. According to a 
2009 Government Accountability Office report, “TSA’s pipeline division stated that 
they would like more staff in order to conduct its corporate security reviews more 
frequently,” in part because other staff responsibilities such as “analyzing secondary 
or indirect consequences of a terrorist attack and developing strategic risk objectives 
required much time and effort.”®* 

'PSA’s handful of field inspection staff stands in contrast to the hundreds of pipe- 
line safety inspection staff available to the DOT at the Federal and State levels. 
Furthermore, in the face of an expanding U.S. pipeline network and evolving safety 
requirements, DOT’s budget authority for pipeline safety has more than doubled 
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over the last 10 years.®^ Given this disparity, it may be logical to consider whether 
dot’s field staff, who are charged with inspecting the same pipeline systems as 
TSA, could somehow be deployed to help fulfill the Nation’s pipeline security objec- 
tives. The question also arises whether having separate inspections of the same 
pipeline systems for safety and security may be inherently inefficient, or may miss 
an opportunity for more frequent or thorough examination of pipeline security. Pre- 
sumably many of the jurisdictional, operational, or administrative issues that were 
considered in the drafting of the 2004 MOU between DOT and TSA remain un- 
changed, but new factors — such as the evolving threat environment or greater expe- 
rience with pipeline company security efforts — could warrant a reconsideration of 
the relationship between the agencies. 

Voluntary vs. Mandatory Pipeline Security Standards 

Federal pipeline security activities to date have relied upon voluntary industry 
compliance with DOT’s original security guidance, which later became TSA’s secu- 
rity best practices. By initiating this voluntary approach in 2002, DOT sought to 
speed adoption of security measures by industry and avoid the publication of sen- 
sitive security information (e.g., critical asset lists) that would normally be required 
in public rulemaking.®® However, a key subject of debate is the adequacy of the 
TSA’s voluntary approach to pipeline security, generally, and cybersecurity, in par- 
ticular. For example, provisions in the Pipeline Inspection, Protection, Enforcement, 
and Safety Act of 2006 (Pub. L. 109-468) required the DOT Inspector General (IG) 
to “address the adequacy of security standards for gas and oil pipelines” (§ 23(b)(4)). 
The 2008 IG’s report stated that: 

“TSA’s current security guidance is not mandatory and remains unenforceable un- 
less a regulation is issued to require industry compliance . . . [DOT] and TSA will 
need to conduct covert tests of pipeline systems’ vulnerabilities to assess the current 
guidance as well as the operators’ compliance.”®’^ 

Although the IG report did not elaborate on this recommendation, covert testing 
of vulnerabilities would likely include testing of both physical security measures and 
cybersecurity measures. The latter would be in place to protect pipeline SCADA sys- 
tems and sensitive operating information such as digital pipeline maps, system de- 
sign data, and emergency response plans. Consistent with the IG’s recommendation, 
an April 2011 White House proposal®® and the Cybersecurity Act of 2012 (S. 2105) 
both would have mandated the promulgation of cybersecurity regulations for pipe- 
lines, among other provisions, although these proposals would not necessarily have 
conferred upon TSA any authority it does not already have to regulate pipeline secu- 
rity. 

In contrast to the IG’s conclusions and the legislative proposals above, the pipe- 
line industry has consistently expressed concern that security regulations could be 
“redundant” and “may not be necessary to increase pipeline security.”®® Echoing this 
sentiment, a DOT official testified in 2007 that enhancing security “does not nec- 
essarily mean that we must impose regulatory requirements.”®'^ 

TSA officials have similarly questioned the need for new pipeline security regula- 
tions, particularly the IG’s call for covert testing of pipeline operator security meas- 
ures. The TSA has argued in the past that the agency is complying with the letter 
of Pub. L. 110-53 and that its pipeline operator security reviews are more than 
paper reviews.®® TSA officials assert that security regulations could be counter- 
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productive because they could establish a general standard below the level of secu- 
rity already in place at many pipeline companies based on their company-specific 
security assessments. Because the TSA believes the most critical U.S. pipeline sys- 
tems generally meet or exceed industry security guidance, the agency asserts that 
it achieves better security with voluntary guidelines, and maintains a more coopera- 
tive and collaborative relationship with its industry partners as well.®^ 

The Energy Sector Control Systems Working Group makes related assertions in 
its Roadmap to Achieve Energy Delivery Systems Cybersecurity about the effective- 
ness of cybersecurity standards alone: 

“Although standards may elevate cybersecurity across the energy sector, they do so 
by requiring the implementation of minimum security measures that set a baseline 
for cybersecurity across an industry. These minimum security levels may not be suf- 
ficient to secure the sector against new and quickly evolving risks. Asset owners 
compliant with standards may still be vulnerable to cyber intrusion.”'^*' 

Thus, in addition to cybersecurity requirements, pipeline companies may also 
need appropriate management practices, performance metrics, access to intelligence, 
and other support measures to maximize the effectiveness of their cybersecurity pro- 
grams. 

Although the TSA believes a voluntary approach to pipeline security is most effec- 
tive, Canadian pipeline regulators have come to a different conclusion. In 2010 the 
National Energy Board (NEB) of Canada mandated security regulations for jurisdic- 
tional Canadian petroleum and natural gas pipelines, some of which are cross-bor- 
der pipelines entering the United States. Many companies operate pipelines in both 
countries. In announcing these new regulations, the board stated that it had consid- 
ered adopting the existing cybersecurity standards “as guidance” rather than an en- 
forceable standard, but “taking into consideration the critical importance of energy 
infrastructure protection,” the board decided to adopt the standard into the regula- 
tions.'^'^ Establishing pipeline security regulations in Canada is not completely anal- 
ogous to doing so in the United States as the Canadian pipeline system is much 
smaller and operated by far fewer companies than the U.S. system. Nonetheless, 
Canada’s choice to regulate pipeline security may raise questions as to why the 
United States has not. 

The Federal Energy Regulatory Commission (FERC), which regulates the U.S. 
bulk electric power system, has also taken a more directive approach to infrastruc- 
ture security. The Energy Policy Act of 2005 (Pub. L. 109-58) gave the commission 
authority to oversee the reliability of the bulk power system, including authority to 
approve mandatory security standards. FERC approved mandatory Critical Infra- 
structure Protection cybersecurity reliability standards in 2008.'^^ The commission 
approved mandatory physical security standards in 2014'^^ after a successful phys- 
ical attack on a high-voltage transformer facility in California. While it differs in 
important ways from the pipeline system, the hulk power system faces the same 
threat environment and has many similar security vulnerabilities related to asset 
exposure and reliance on SCADA systems for network operations. 

In addition to examining the regulatory motivations of the NEB and FERC, con- 
sideration of mandatory pipeline security standards within TSA would have to ac- 
count for the requirements to implement such standards. Unlike maintaining vol- 
untary standards, developing pipeline security regulations — with provisions for pipe- 
line operations, inspection, reporting, and enforcement — would involve a complex 
and potentially contentious rulemaking process involving multiple stakeholders. 
Should Congress choose to mandate the promulgation of such regulations, it is not 
clear that TSA’s pipeline security division as currently configured would be up to 


®^John Pistole, Administrator, TSA, testimony before the Senate Committee on Commerce, 
Science, and Transportation hearing on Transportation Security Administration Oversight: Con- 
fronting America’s Transportation Security Challenges, April 30, 2014; Jack Fox, General Man- 
ager, Pipeline Security Division, TSA, Remarks before the Louisiana Gas Association Pipeline 
Safety Conference, New Orleans, LA, July 25, 2012. 

^''Energy Sector Control Systems Working Group, Roadmap to Achieve Energy Delivery Sys- 
tems Cybersecurity, September 2011, p. 15. 

’^'National Energy Board of Canada, Proposed Regulatory Change (PRC) 2010-01, Adoption 
of CSA Z246.1-09 Security Management for Petroleum and Natural Gas Industry Systems, File 
Ad— GA— SEC-SecGen 0901, May 3, 2010, p. 1, https:! Iwwiv.neb-one.gc. cal ll-eng jlivelink.exe ! 

fetch 12000 190463 14090541 614444 IAlS7H7_Proposed_Regulatory Change (PRC)_2010- 

01.pdf!nodeid=614556&vernum=0. 

Federal Energy Regulatory Commission, Mandatory Reliability Standards for Critieal Infra- 
structure Protection, Docket No. RM06— 22-000, Order No. 706, January 18, 2008. 

Federal Energy Regulatory Commission, Physical Security Reliability Standard, Docket No. 
RM14— 15-000, Order No. 802, Issued November 20, 2014. 
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the task. Developing specific cybersecurity regulations may pose a particular chal- 
lenge as the TSA’s pipeline branch has limited existing capability to do so, although 
such capabilities may reside elsewhere in DHS. If mandatory standards were to be 
imposed, there may also be questions as to whether the agency as currently struc- 
tured would have sufficient resources to implement the new security regulations, 
conduct rigorous security plan verification, and pose a credible threat of enforce- 
ment. 

Uncertainty About Security Risks 

A January 2011 Federal threat assessment concluded “with high confidence that 
the terrorist threat to the U.S. pipeline industry is low.”'^'‘ However, subsequent 
events may have increased concerns about pipeline system threats, especially cyber 
threats. In a 2016 Federal Register notice, TSA stated that it expects pipeline com- 
panies will report approximately 30 “security incidents” annually — both physical 
and cyber.'^® The agency has not publicly released a more current pipeline threat 
assessment. 

The pipeline industry’s security risk assessments rely upon information about se- 
curity threats provided by the Federal Government and by pipeline operators them- 
selves. The quantity, quality, and timeliness of this threat information is a key de- 
terminant of what pipeline companies need to be protecting against, and what secu- 
rity measures to take. Incomplete or ambiguous threat information — especially from 
the Federal Government — may lead to inconsistency in physical and cybersecurity 
among pipeline owners, inefficient spending of limited security resources at facilities 
(e.g., that may not really be under threat), or deployment of security measures 
against the wrong threat. 

Concerns about the quality and specificity of Federal threat information have long 
been an issue across all critical infrastructure sectors.'^® Threat information con- 
tinues to be an uncertainty in the case of pipeline network security. There may be 
agreement among Government and industry stakeholders that oil and natural gas 
pipelines in the United States are vulnerable to attack, and that such attacks poten- 
tially could have catastrophic consequences. But the most serious, damaging attacks 
could require operational information and a certain level of sophistication, especially 
in the cyber regime, on the part of potential attackers. Consequently, despite the 
technical arguments, without more specific information about potential targets and 
attacker capabilities, the true risk of a serious attack on the pipeline system re- 
mains an open question. 


CONCLUSION 

The Nation’s pipeline network is attractive to malicious actors and vulnerable to 
both physical and cyber attacks. Based on recent history, a strong Federal pipeline 
security program is clearly necessary; there has been a series of unrelated terrorist 
plots and attempted attacks on U.S. pipelines since at least the 1990s. Real bombs 
have been planted, computers systems have been infiltrated, and perpetrators have 
been imprisoned. Such threats to the pipeline system are likely to continue. 

Both Government and industry have taken numerous steps to improve pipeline 
security since 2001. On their face, these measures have been expansive and seem 
to address the full range of activities and priorities Congress intended when it em- 
barked upon a National strategy for protecting critical infrastructure. However, 
while TSA and industry may be engaged in appropriate pipeline security activities, 
questions remain as to their level of commitment to those activities and how effec- 
tive they have been in protecting the pipeline system. TSA’s pipeline staff would ac- 
count for less than 2% of the agency’s surface transportation security staff under 
the proposed fiscal year 2017 budget, and just over 2% of the staff available to DOT 
under its pipeline safety program. Pipeline company expenditures on security are 
not generally reported, so their level of financial commitment is unknown. Further- 
more, while there have been no publicly reported successful attacks on the U.S. 
pipeline system since 2001, existing physical security measures did not prevent 2 
attackers from planting the live explosive devices along 2 different U.S. pipelines 
in 2011 and 2012 discussed earlier. Their failure to detonate was fortunate. 

The TSA maintains that its pipeline security program, administered as it is and 
relying upon voluntary standards, has been effective in protecting U.S. pipelines 
from physical and cyber attacks. Based on the agency’s corporate security reviews. 


'^^Transportation Security Administration, Office of Intelligence, Pipeline Threat Assessment, 
January 18, 2011, p. 3. 

■'5 81 Fed. Reg. 37, February 25, 2016, p. 94-95. 

"^^See, for example, Philip Shenon, “Threats and Responses: Domestic Security,” New York 
Times, June 5, 2003, p. A15. 



34 


TSA believes security among major U.S. pipeline systems is good, and pipeline oper- 
ators agree. However, without formal security plans and reporting requirements, it 
is difficult for Congress and the general public to know for certain. To a great ex- 
tent, the public must therefore rely on the pipeline industry’s self-interest to protect 
itself from malicious threats. Whether this self-interest is sufficient to generate the 
level of security appropriate for a critical infrastructure sector, and whether impos- 
ing mandatory standards would be a better approach, is open to debate. Faced with 
this uncertainty, legislators must rely upon their own best judgment to reach con- 
clusions about the Federal pipeline security program. If Congress concludes that 
current voluntary measures are insufficient to protect the pipeline system, it may 
decide to provide specific direction to the TSA to develop regulations and provide 
additional resources to support them, as such an effort may be beyond the TSA pipe- 
line branch’s existing capabilities. 

Congress also may assess how the various elements of U.S. pipeline safety and 
security activity fit together in the Nation’s overall strategy to protect critical infra- 
structure. For example, diverting pipeline resources away from safety to enhance se- 
curity might further reduce terror risk, but not overall pipeline risk, if safety pro- 
grams become less effective as a result. Pipeline safety and security necessarily in- 
volve many groups: Federal and State agencies, oil and gas pipeline associations, 
large and small pipeline operators, and local communities. Reviewing how these 
groups work together to achieve common goals could be an oversight challenge for 
Congress. 

Mr. Katko. Thank you, Dr. Parfomak for your testimony. We ap- 
preciate you being here as well. 

I now recognize myself for 5 minutes of questions. 

I want to start by saying I understand the overall setup here. 
The Department of Transportation is in charge of and oversees the 
safety aspects of the pipelines, which includes making sure when 
a guy has a backhoe and, you know, digs where he shouldn’t dig, 
that they respond properly and they have the right procedures in 
place to cut off that pipeline. 

I also understand that on the other side you have security as- 
pects which is TSA’s oversight. At first glance it looks like kind- 
of an odd setup. But it, by all indications from the industry, it does 
seem to work. But there are things that I want to talk about. While 
I am happy that you are all happy, I just want to make sure that 
we are not missing something here. So I will be checking on some 
of the things I have concerns with. 

The first thing is probably the easiest thing. That is for Mr. 
Black. That is with respect to PHMSA and the oil pipeline response 
plans. What would be your suggestion of a way to make sure that 
those things don’t get disclosed to the public when they are sub- 
mitted to Congress? 

Mr. Black. PHMSA has done the right thing. PHMSA’s chief 
counsel has issued guidance to PHMSA staff that the information 
in part 60138, of the last pipeline safety law, can be redacted. They 
have said that it should be. So what we are looking for is Congress, 
when enacting legislation to receive these response plans, to make 
sure you have clear and consistent procedures. 

I am happy to follow up with a specific proposal. But a couple 
of principles. No. 1, there needs to be a clear statement that this 
information should remain confidential and should not be trans- 
mitted to anybody outside of Congressional staff in any form. 

Second, there need to be some specific procedures applied to that. 
I am sure this committee has some specific procedures for certain 
types of information. Those need to be connected. For example, a 
secure reading room, tracking who goes in and who goes out of that 
reading room with information. 
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Then, third, we suggest a penalty or some type of a disciplinary 
mechanism for those people that violate it. We need to make sure 
that this information is secured and is not put into the wrong 
hands while you conduct that oversight that you need to do. 

Mr. Katko. Okay. Thank you very much. 

Now, the other areas I am concerned about, and if I don’t hit on 
them I hope my colleagues on the panel do, are whether the 2011 
guidelines issued by TSA need to be upgraded, the sharing and use 
of actionable information and how sometimes when TSA gets secret 
information that may be helpful, how they are able to share that 
and how can we make that process better sharing it with the pri- 
vate sector. Then of course the things that CRS raised, the re- 
sources issue, the voluntary versus mandatory guidelines issue, 
and what is a level of risk. So let’s just start at the top of the list 
here, and I will work through as much as I can. 

The 2011 guidelines were promulgated prior to the dramatic rise 
of ISIS and the new and dynamic threat that they propose. So 
given that and all the other factors, I know that it doesn’t seem to 
be a high level of threat in the United States where pipeline at- 
tacks, but they have shown a propensity to do those attacks else- 
where, including even Canada. 

So given all that and given the rise of ISIS, do you think it is 
time for TSA to issue an updated guidelines? 

Ms. Proctor. Mr. Chairman, yes. We do agree with you. The 
pipeline security guidelines which were published in 2011, and as 
you know, were a product of the collaboration with our security 
partners and our Federal partners, and we are in the process of up- 
dating those guidelines right now. We have already started the 
process. The process, though, is a collaborative one. 

So we will be continuing our work with our security partners in 
the pipeline industry. So that work has already started. We have 
already started looking at the cyber portions, as a matter of fact, 
and we will be continuing that work so that we have an updated 
version of those guidelines. 

Mr. Katko. Okay. Thank you. Also now with respect to the ac- 
tionable information and use of it, and proper use of it, I presume 
that oftentimes TSA gets information from the secret side. 

I want to — ^you know, anybody can chime in here. I just want to 
make sure that we have the right mechanisms in place. If we don’t 
now, what do we need to put those mechanisms in place so that 
the private sector can be briefed in properly about what the nature 
of those threats are without wrongfully disclosing the sensitive in- 
formation. But we can’t have this gulf, I don’t think, where we 
have this information but we can’t tell them about it. 

So anyone care to address that? I would be happy to hear it. 

Ms. Judge. Yeah. There are several operators that do hold secret 
clearances. Clearances are either issued — are either sponsored by 
TSA themselves. Some of our clearances are through DHS infra- 
structure protection. Some are from the FBI, and some are from 
Department of Energy. At last check there appeared to be over 300 
clearance holders in the oil and natural gas sectors as of a little 
while back. 

Mr. Katko. But we do have 3,000 companies involved. So that 
is — might be a small percentage overall. So how do we — is that 
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adequate, the number of people with the clearances to get this in- 
formation? 

Ms. Judge. It would depend on how many people from each — ^you 
know, are we covering each company’s — each sector in the industry 
well enough? That I wouldn’t be able to answer. 

Mr. Katko. Okay. 

Ms. Judge. I know, for example, we have 3 clearance holders just 
at my company, 1 physical, 1 cyber, and 1 executive. 

Mr Katko. Okay. 

Ms. Proctor. Mr. Chairman, it would certainly depend on the 
nature of the information. If the information is specific, we would 
ensure that the appropriate systems are briefed on that informa- 
tion. If we need to get a tear line on that information, we will do 
that. We will ensure that if there is actionable information, that 
that information gets to the people who need to have it. 

We do have a process with our Office of Intelligence and Analysis 
to ensure that the briefings occur wherever they need to occur 
across the country. We have field intelligence officers that are lo- 
cated at our airports. We have relationships with the FBI field of- 
fices or for those who are in the vicinity of the National Capital Re- 
gion, we can ensure that they are appropriately briefed at TSA 
headquarters. So we have ensured that we have the ability to brief 
wherever that brief needs to be conducted. 

Mr. Katko. Thank you very much. My time has expired, but I 
will maybe come back to some of these questions. 

The Chair now recognizes Ranking Member Rice for 5 minutes 
of questions. 

Miss Rice. Thank you, Mr. Chairman. 

I think I will ask Mr. Black, I guess start with you. There is — 
actually, I should say your study, Mr. Parfomak, there is a para- 
graph that is pretty small in comparison to the rest of the report 
talking about cybersecurity risks. The last statement ends with the 
statement that there is a suggestion that cybersecurity threats to 
pipelines have been increasing. So what specifically has the indus- 
try, both private and public, been doing to address this issue? 

Mr. Black. Well, Dr. Parfomak mentioned rightly there is a 
great concern about cyber, about being prepared for cyber re- 
leases — cyber attacks. Excuse me. 

The first element is this API standard on pipeline’s data security. 
You have to keep your control system completely separate and 
apart from any business system that uses the internet. Then there 
is a number of Government programs that we participate in with 
industry. There is the FBI’s InfraGuard process which is dedicated 
to sharing information. There is the NIST cybersecurity framework 
roadmap, and the — generally the ICS Cert process, the industrial 
control system Cyber Emergency Response Team, a partnership 
dealing with identifying threats, talking about how to prevent 
them. Then also talking about how to recover from those. 

A couple of other API recommended practices. So cyber is on the 
minds of many of our members. When I asked in anticipation of 
this hearing what is the No. 1 security issue that you are thinking 
about, cyber is what I got. So it is on the minds of our security pro- 
fessionals. 
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Miss Rice. So when they say that, what do they give by way of 
example as to why that is their No. 1 concern? Is there enough — 
and I am not asking you to release any — or talk in this public set- 
ting about any kind of confidential or, you know, confidential infor- 
mation, but what 

Mr. Black. Well, in this space I think we are very aware of na- 
tion states and private actors trying to penetrate control systems 
and business systems. Oil and gas and beyond oil and gas. So that 
is something that we are focusing on. I can make sure that you get 
a Classified briefing on that or maybe that is a question for Direc- 
tor Proctor. 

Miss Rice. Well, my question is, is it a — you know, we talk about 
having to stay 2 steps ahead. Right? Is it a technology issue? Is it 
a resource issue? I mean, what is the biggest challenge to ensuring 
that we are doing everything that we can because this cybersecu- 
rity is — I mean, obviously, as noted in this report, is an area of 
great concern. It just doesn’t sound like there is — unless there is 
and you can’t talk about it publicly. I get too, but 

Mr. Black. The threats are evolving and evolving quickly. So the 
industry and Government have to evolve and evolve quickly in 
terms of adapting to this. That is what these information-sharing 
programs are about. Thankfully it is not a prescriptive regulation 
that is outdated. This is real-time sharing of information. Govern- 
ment, what they are seeing, and industry personnel together dis- 
cussing best practices. They might compete on commercial issues, 
but the industry can collaborate very heavily on safety and secu- 
rity. And they do. 

Miss Rice. There is no obstacle to that? They are — ^because, I 
mean, I think everyone understands that it is in everyone’s interest 
to have the same — the best technology, the best controls in place. 

Mr. Black. Absolutely. Yes. 

Miss Rice. So the informational sharing, with your Govern- 
mental partners, do you think that that is accurate? I mean, do you 
think that they give you accurate information, or do they — do you 
think that they withhold any information? Are there any issues re- 
lated to information sharing that need to be addressed? 

Mr. Black. I am not hearing of any concern. I am hearing that 
the Government personnel that are working on these issues are 
very well tied into the threats and the ways to address them. I 
hear a successful collaboration. 

Miss Rice. Great. Thank you. I yield back the balance of my 
time. 

Mr. Katko. Thank you. Miss Rice. 

The Chair now recognizes the gentleman from Georgia, Mr. Car- 
ter for 5 minutes of questioning. 

Mr. Carter. Thank you, Mr. Chairman. Thank each of you for 
being here. This is extremely important. 

Ms. Proctor, I will start with you. I wanted to ask you, it is my 
understanding that TSA measures the risk to pipelines based on 
the amount of energy that is transported. Is that correct? 

Ms. Proctor. Yes, sir. That is one of the criteria. 

Mr. Carter. What are the other criteria? I am sure the type of 
energy that it is or 
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Ms. Proctor. We also look at the number of miles in high-con- 
sequence areas, which are designated by PHMSA. We look at the 
number of pipeline miles in high-threat urban areas, which are 
designated by DHS. We look at those pipelines that serve military 
bases, that serve the Department of Energy strategic petroleum re- 
serves. We look at those that serve electric power plants. So 
there — the energy throughput is not the only consideration. 

Mr. Carter. But it is one of the primary ones? 

Ms. Proctor. It is one. Yes, sir. 

Mr. Carter. Yes. Well, let me ask you. After that is done, then 
the operators identify critical facilities based on what is called the 
pipeline security guidelines. Is that correct? 

Ms. Proctor. Yes, sir. 

Mr. Carter. What is done after that? After the pipeline owners 
identify those critical facilities, what happens after that? 

Ms. Proctor. TSA then schedules reviews of the facilities. So we 
have identified the top 100 or so most critical pipeline systems by 
those criteria that we just named; the energy throughput, their 
pipeline mileage in the high-threat urban areas, and in the high- 
consequence areas. We go out and conduct assessments on-site. 

Corporate security reviews are conducted at the pipeline head- 
quarters where they review the actual corporate security plan. 
They conduct interviews of key security personnel on site. They 
also determine the extent to which the system is adhering to the 
agreed-upon process in the pipeline security guidelines. 

Mr. Carter. Okay. So they are essentially trying to mitigate as 
much risk as they can. 

Ms. Proctor. Yes, sir. 

Mr. Carter. Okay. Let me move on. Ms. Judge, Mr. Black, I will 
direct these toward you-all. Do you feel like the biggest threats 
that the pipeline owners are facing right now, that they have been 
identified by TSA, they have changed any? Are they still the same? 

Mr. Black. Correct. 

Mr. Carter. So you would feel like it is up-to-date as far as the 
biggest threats go? 

Mr. Black. Right. It is physical and cyber and all different types 
of threats. The last security guidelines were issued in 2011, but 
what I hear consistently is that it is not static, is that the know- 
how and the information sharing and the intel that we get from 
TSA and our Federal partners is constantly evolving. It is 2016. It 
is 

Mr. Carter. You are updating them as you go along as well? 

Mr. Black. Yes. 

Mr. Carter. Okay. I want to ask you about — do you feel like that 
industry has gotten the tools that they need in order to mitigate 
as many risks as they can? Do you feel like there is anything else 
we could be doing to assist them? 

Ms. Judge. I believe we have the tools we need. If we realize — 
we come along and we are like — we realize that there is something 
we may need, we just reach out, and usually they are more than 
happy to — you know, we would like a briefing on 1, 2, 3. They ar- 
range to give us a briefing on 1, 2, 3. So there is that constant open 
communication through both one-on-one and through the sector co- 
ordinating councils, through the security committees that 
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Mr. Carter. Okay. 

Ms. Judge [continuing]. When we express needs, we usually get 
what we need. 

Mr. Carter. Well, let me ask you collahoration. Because that is 
extremely important. Do you ever give security clearance to any of 
these pipeline companies, to any of their personnel to possibly 
share any kind of threats with them that you might have heard of? 

Mr. Black. They have Classified and Unclassified briefings on 
these TSA pipeline security calls. There is some For-Official-Use- 
Only information that is in Unclassified settings that you can get 
to more people. Some things have to be shared only in a Classified 
briefing, and they are. 

Mr. Carter. Okay. So you would rate the collaboration as being 
good at this point? 

Mr. Black. Yes. 

Mr. Carter. Okay. I am sorry. I can’t — the glare is too bad. Dr. 
Parfomak. Would you agree with that? 

Mr. Parfomak. Excuse me. Could you repeat the question? 

Mr. Carter. Would you agree that the collaboration between pri- 
vate industry and TSA has b^een good? 

Mr. Parfomak. As I mentioned in my opening statement, CRS 
doesn’t advocate policy or take a position on that. Whether the col- 
laboration has been good, as I said in my opening statement, is a 
debatable point. Others have raised the issue of, for instance, 
dot’s and TSA’s collaboration, and that may have been evolving 
over the last number of years. 

Mr. Carter. Okay. Well, obviously, you-all understand how im- 
portant collaboration is. So I would certainly hope we are making 
a concerted effort at doing the best we can with that. 

Thank you, Mr. Chairman. 

Mr. Katko. Thank you, Mr. Carter. 

The Chair now recognizes the gentleman from Texas, Mr. 
Ratcliffe, for 5 minutes of questioning. 

Mr. Ratcliffe. Thank you, Mr. Chairman, Ranking Member. 

This is an important hearing today, not just for the country but 
particularly my home State of Texas. Texas has the largest pipeline 
infrastructure in the Nation, more than 425,000 miles of pipeline 
in our State, which is roughly, I believe, one-sixth of the total pipe- 
line mileage in the United States. Many of those pipelines do actu- 
ally run through the Fourth Congressional District that I am privi- 
leged to represent. 

So I appreciate all of you being here today to talk about the on- 
going efforts to secure our pipeline infrastructure and what can be 
done to enhance the partnership between TSA and industry. 

Director Proctor, in your written testimony you referenced the re- 
cent attacks in Brussels to illustrate the fact that terrorist threats 
have grown incredibly complex, we know that, and that terrorist 
actors can become radicalized to carry out these attacks with little 
or no warning. I agree with your assessment of the current threats 
posed by these terrorists. I was also pleased to hear that TSA and 
the pipeline industry have a good working relationship to protect 
our critical infrastructure. 

I am curious, though, with roughly 3,000 private companies who 
own and operate the Nation’s pipelines, how does TSA commu- 



40 


nicate threat assessments to these companies and recommend im- 
proved measures in the wake of potential threats made against a 
specific pipeline? 

Ms. Proctor. Thank you for that question. 

Our Office of Intelligence and Analysis conducts an assessment, 
an annual assessment, of the threats to the pipeline industry. One 
of those assessments is an Unclassified assessment that we can 
share with industry. We do share that. We share that with the 
pipeline industry and we continually communicate information that 
we get from our intelligence and analysis office if there is any in- 
formation that could indicate a possible threat, a generalized 
threat. 

If it is a specific threat and it is Classified information, we ar- 
range for a Classified briefing with that particular entity. We do 
have the means to do that through our partners either with the 
FBI at a local field office, with a field intelligence officer at an air- 
port, or through a meeting at TSA headquarters. We can provide 
Classified information. 

Mr. Ratcliffe. So in addition to the briefing, though, in a Clas- 
sified setting, are you making specific recommendations? If so, are 
you finding that industry is receptive to those? 

Ms. Proctor. We do make specific recommendations. We conduct 
both corporate security reviews and critical facility security re- 
views. At the conclusion of that review, and they are done on-site 
at the pipeline facility, there are recommendations, if it is appro- 
priate, there are recommendations that are made and provided to 
the security director of the pipeline organization. They are provided 
at the time. They are followed up with written recommendations. 

So we do those on-site assessments and provide those rec- 
ommendations that are specific to that company. We provide more 
generalized recommendations for security in our monthly con- 
ference calls or calls that may be generated by some issue that has 
occurred in the news. If we feel it appropriate, we will have a con- 
ference call just to share information that we have, and to share 
any recommendations that we think would help enhance the secu- 
rity in the pipeline industry. 

Mr. Ratcliffe. Thank you. Very quickly, I want to move to the 
industry side, because I know Mr. Black, Ms. Judge, that, you 
know, with the evolution of technology and the need to keep your 
technology updated to protect infrastructure from bad actors, I am 
curious about your perspectives on the partnership between TSA 
and industry in advancing proactive security measures. 

Specifically I want your perspectives on whether TSA, from your, 
again, perspective, is timely sharing cyber threat information and 
intelligence information in such a way that is allowing you to bol- 
ster your defenses against these threats? 

Mr. Black. From liquids pipelines, I am not hearing any con- 
cerns about timeliness. I am hearing that, just as you and Director 
Proctor discussed, that we get company-specific guidance on com- 
pany-specific issues. The concern that I am hearing is the TSA has 
some important vacancies in the pipeline security division that 
need to be filled. We are looking forward to those being filled with 
good quality people so that we can have more people to collaborate 
with. 
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Mr. Ratcliffe. Great. Ms. Judge, do you want to weigh in? 

Ms. Judge. Yes. We haven’t heard of any in the natural gas pipe- 
line side of things not getting timely information. We actually get 
very timely information, oftentimes from several different depart- 
ments and at the same time. So we are getting timely information 
sometimes 3 or 4 times being the same information. So no issues 
there. 

Mr. Ratcliffe. Okay. Well. My time has expired, but if the 
Chairman will indulge just very quickly, because I want to give you 
an opportunity, and maybe this has been asked. But if you could 
alter the relationship between TSA and industry in one specific 
way or a specific way to better secure our pipeline infrastructure, 
what change would you recommend? 

Ms. Judge. As of this minute, the one change I would make 
would be to fill, as Andy said, fill the open positions so that we can 
start collaborating more closely again with whomever is coming in. 
Part of that is, as Sonya said, we are currently reviewing the pipe- 
line guidelines, and that is a collaborative effort with TSA and with 
the industry through the Pipeline Sector Coordinating Council. It 
would be really great once they do hire and on-board the new re- 
placement for the head of this group, we can, you know, work real 
closely with them to get these guidelines updated and get them out 
there so people can implement any changes they need to. 

Mr. Ratcliffe. Terrific. Thank you. 

Mr. Black. It is people. It is leadership roles that have been 
filled that — we would be remiss if we didn’t praise Jack Fox who 
recently retired from TSA. That is big shoes to fill. Jack did a nice 
job at helping us all be focused on pipeline security. If they can find 
the right type of people to succeed Jack and a couple of the other 
positions, we will be better off and ready to collaborate more in- 
tensely. 

Mr. Ratcliffe. Terrific. Thank you all for being here. Chairman, 
thanks for your indulgence. 

Mr. Katko. Thank you. Excellent questions. Thank you, Mr. 
Ratcliffe. 

All right. I just have few more questions, and of course any of 
my other colleagues that are here can follow up if they wish. 

With respect to resources — I want to follow — what is the reason, 
Ms. Proctor, for some of those openings? How — when do you plan 
on filling them? 

Ms. Proctor. Mr. Chairman, we have recently had the retire- 
ment of Mr. Jack Fox, the long-time manager and leader of our 
pipeline office. They are very big shoes to fill. We recognize the im- 
portance of having industry experience in our pipeline office. So we 
have recruited heavily from the industry. I am very happy to say 
that I have interviews scheduled in the next week to actually make 
a selection on the position for the manager of our pipeline office. 

The other positions that we have there have been posted. I have 
received Cert lists on those. We have interviews that are being 
scheduled for those. So we will have a full house in our pipeline 
section. 

Mr. Katko. Okay. How long have those positions been open? 

Ms. Proctor. Mr. Fox actually retired in February. One other 
gentleman just left last month. So they are fairly recent. 



42 


Mr. Katko. Okay. Now that kind of bleeds into my next concern. 
That is what Dr. Parfomak pointed out, and that was potential for 
resource issues. Now, a fiscal conservative like me and someone 
who likes smaller government, it is troublesome to ask a question 
like this. But do you need more resources? 

Ms. Proctor. Mr. Chairman, I don’t know anyone who 
wouldn’t 

Mr. Katko. Such an easy question. Oh my gosh. 

Ms. Proctor [continuing]. Who wouldn’t acknowledge loving 
more resources. Certainly if those resources were available, we 
would invest them and put them to good use. We would invest in 
additional training with our pipeline industry partners, and we 
would also invest in conducting additional assessments at critical 
facilities. 

Mr. Katko. Do you have in mind what exactly the type of posi- 
tions you would like to enhance? Do you have a plan as to what 
you would do with the additional resources that we could look at 
and assess? 

Ms. Proctor. I could certainly provide that, Mr. Chairman. 

Mr. Katko. I would appreciate that. I would like to take a look 
at that. Because I think that, you know, with the emerging threat, 
it may be when you are updating your 2011 guidelines, that might 
impact your thought process too. So perhaps when you submit 
those, I would like to see those, maybe we can have an update as 
to what you think you could do if you had additional resources and 
why you need the additional resources. That would be helpful. I 
would appreciate input from the industry as well on that. 

Now, most of the guidelines and suggestions you issue on the se- 
curity side are voluntary. Is that correct? 

Ms. Proctor. Yes, Mr. Chairman, they are voluntary. 

Mr. Katko. Okay. Now, the cynic in me would say that is why 
the industry likes you so much. Because they are voluntary, not 
mandatory. So would it be helpful to have some of those things — 
or do you ever find any frustration, I should say, with issuing 
guidelines and them not following them, and then you think it is 
really important for them to do so? 

Ms. Proctor. No, sir. I believe the environment in which we op- 
erate now allows a great deal of flexibility. Certainly in the current 
environment with the evolving threats, the ability to be flexible I 
think is very important. We have had great success with voluntary 
guidelines. We have not had any pipeline industry partners to balk 
at complying with the guidelines that we have agreed upon. So we 
are pleased to have this kind of collaboration and this partnership 
with the industry. It allows us to have open discussion, and it al- 
lows us to work in a collaborative way to solutions. So we are very 
pleased with the arrangement. 

Mr. Katko. I must say in going through this hearing and, again, 
preparing for this hearing as well and talking to some of the indi- 
viduals who were going to testify that the spirit of public/private 
cooperation is encouraging. I am a very big advocate of the private 
sector working collaboratively with the Government instead of at 
odds with them. It helps us leverage the finite Government re- 
sources that we have. 
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So I applaud all of you for working collaboratively together. It is 
very important. In this age of budget constraints, the private sector 
has to play a role. It is an increasingly important role. I don’t think 
we should ever be in a situation where the Government is telling 
industry what to do. That is when we have problems. It seems like 
more collaboration here is a very good thing. I applaud all of you 
for what you are doing in keeping our country safe with respect to 
that. 

If you have additional input you want to provide, some things 
you wish we asked you today, please feel free to do so. Please get 
it to us because we will listen and we will take a look at it. But 
this seems like an area, unlike many other areas we have oversight 
of with respect to TSA, that this seems to be working pretty well. 
I am happy to say that. 

So in accordance with our committee rules and practice, I plan 
to recognize — oh, excuse me. All done with that. Pardon me. 

I do want to thank the panel for the thoughtful testimony. Mem- 
bers of the committee may have some additional questions for the 
record. We ask that you respond to those in writing. 

The hearing record will stay open for 10 days. Without objection 
the subcommittee stands adjourned. 

[Whereupon, at 3:24 p.m., the subcommittee was adjourned.] 




APPENDIX 


Questions From Ranking Member Bennie G. Thompson for Sonya Proctor 

Question 1. Given that pipeline systems are within the Transportation System 
sector, one of the 16 critical infrastructure sectors under PPD-21, and that these 
pipelines often depend on computer and communications networks used for auto- 
mated control, please describe, with specificity, what type of coordination, if any, 
there is between TSA and National Protection and Program Directorate to strength- 
en and make more resilient this critical infrastructure. 

Answer. Response was not received at the time of publication. 

Question 2. NPPD has a network of Protective Service Advisors across the country 
who are charged with proactively engaging with the private sector to protect critical 
infrastructure. 

Does your office work with the network of PSAs? 

Answer. Response was not received at the time of publication. 

Question 3. Does TSA or NPPD provide training programs to private industry em- 
ployees that provide security certifications? If so, please elaborate. 

Answer. Response was not received at the time of publication. 

Question 4a. In the planning phases of a pipeline system project, what role, if any, 
does TSA play in decision making regarding security concerns that may arise? 

Question 4b. To your knowledge, are any other agencies involved in making secu- 
rity decisions during the planning phases of pipelines? 

Answer. Response was not received at the time of publication. 

Question 5a. Your testimony states that TSA works closely with DOT’s Pipeline 
and Hazardous Materials Safety Administration (PHMSA). PHMSA handles the 
safety aspect of pipelines, while TSA handles the security aspect. 

Question 5b. Since safety and security are closely associated, could you detail for 
us how TSA works with PHMSA to address both issues? 

Answer. Response was not received at the time of publication. 

Question 6. Ms. Proctor, please detail TSA’s role in providing guidelines to indus- 
try for individuals seeking positions with unrestricted access at critical pipeline as- 
sets. 

Answer. Response was not received at the time of publication. 

Question 7. TSA has regulatory authority over pipeline systems for purposes of 
security. To date, TSA has not exercised this authority. 

How often do you evaluate the security risk to these systems and do you have 
internal criteria for what might trigger regulatory action? 

Answer. Response was not received at the time of publication. 

Question 8. As among the various security risks to pipeline systems, where does 
interference with SCADA control systems factor? 

Do you have risk-modeling to understand what cascading effects may be triggered 
by a cyber or physical attack on a pipeline? 

Answer. Response was not received at the time of publication. 

Question 9a. When are they updating the 2 key 2011 documents and what 
changes should we expect to see? 

Question 9b. Will protection of control systems factor be more prominent? 

Answer. Response was not received at the time of publication. 

Question From Ranking Member Bennie G. Thompson for Kathleen S. Judge 

Question. Ms. Judge, in your testimony you stated that gas companies work close- 
ly with law enforcement personnel and first responders on site-specific plans and 
security drills. 

How often do these security plans and security drills take place, and how often 
are these plans updated? 
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Answer. The question posed relates to how often security plans are updated and 
how often security drills take place. Corporate Security Plans are typically reviewed 
annually and updated as required and as circumstances warrant. Site-Specific Plans 
include measures tailored for each specific critical facility and include specific ac- 
tions to be taken at the elevated and imminent levels of the National Terrorism 
Alert System. As stated in the TSA Pipeline Security Guidelines these plans should 
be reviewed and updated on a periodic basis, not to exceed 18 months. As threats 
evolve, so does security. Typically there is one major security drill or exercise per 
year. Also, periodic security drills or exercises are performed either independently 
or in conjunction with other regularly-scheduled required company drills or exer- 
cises. 

Questions From Ranking Member Bennie G. Thompson for Paul W. Parfomak 

Question 1. When we think of possible attacks on all sectors, we often quantify 
the damage in terms of the potential loss of life. Throughout testimony, we saw re- 
peatedly that the consequences of an attack on our Nation’s pipeline systems could 
cause severe consequences to our economy, environment, as well as the loss of 
human life. Would you please explain to us the possible effects of an attack on our 
pipeline systems in regard to these 3 factors? 

Answer. Because energy pipelines carry volatile, flammable, or toxic materials, 
they have the potential to cause public injury, economic damage, and environmental 
damage in the event of an uncontrolled release — be it the result of an accident or 
deliberate attack. The nature and severity of such consequences in any particular 
incident depend upon many factors, including the product involved, the scale of the 
release, proximity to a population or environmentally-sensitive area, the emergency 
response, and other factors. For example, a natural gas release may present a great- 
er risk to people than crude oil because it is more volatile, but it presents less envi- 
ronmental risk because it burns off quickly or dissipates in air. Crude oil, on the 
other hand, may cause much more extensive environmental harm, particularly when 
released into water where it can spread quickly. Nonetheless, crude oil may still 
cause personal injury, especially if it ignites. The economic impacts of any pipeline 
release involve both damages in the vicinity of the incident and damages due to lost 
commodity and to disruption of the pipeline supplies to customers that depend upon 
them — such as power plants, factories, and refineries. 

As I stated in my written testimony, although there have been no successful ter- 
rorist attacks on pipelines in the United States, notable safety incidents over the 
last 15 years or so illustrate the potential damages from uncontrolled releases. 

• 1999. — A gasoline pipeline explosion in Bellingham, Washington, killed 3 people 
and caused $46 million in damage to a city water plant and other property. 

• 2000. — A natural gas pipeline explosion near Carlsbad, New Mexico killed 12 
campers. 

• 2006. — Pipelines on the North Slope of Alaska leaked over 200,000 gallons of 
crude oil in an environmentally-sensitive area and temporarily shut down 
Prudhoe Bay oil production. 

• 2007. — A release from a propane pipeline near Carmichael, Mississippi killed 2 
people, injured several others, destroyed 4 homes, and burned over 70 acres of 
land. 

• 2010. — A pipeline spill in Marshall, Michigan released 819,000 gallons of crude 
oil into a tributary of the Kalamazoo River. Expenses to clean up the spill ex- 
ceeded $1.2 billion. The pipeline operator also lost $16 million in revenue while 
the line was out of service. 

• 2010. — A natural gas pipeline explosion in San Bruno, California, killed 8 peo- 
ple, injured 60 others, and destroyed 37 homes. California regulators imposed 
on the operator a fine, penalties, and other remedies totaling $1.6 billion. 

• 2011. — A natural gas pipeline explosion in Allentown, PA, killed 5 people, dam- 
aged 50 buildings, and caused 600 people to be evacuated. 

• 2011. — A pipeline spill near Laurel, MT, released an estimated 42,000 gallons 
of crude oil into the Yellowstone River. 

• 2014. — A natural gas distribution pipeline explosion in New York City killed 8 
people, injured 50 others, destroyed 2 5-story buildings, and caused the tem- 
porary closure of a transit line due to debris. 

• 2015. — A pipeline in Santa Barbara County, CA, spilled 143,000 gallons of 
crude oil, including 21,000 gallons reaching Refugio State Beacb on the Pacific 
Ocean. 

These incidents may have imposed additional economic damages among pipeline 
users to the temporary disruption of pipeline supplies, but such “downstream” eco- 
nomic impacts are generally not quantified in accident investigations. 
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Question 2. It seems as though a wide array of Government actors have respon- 
sibilities regarding the safety of pipelines. In your view, are there any areas of over- 
lap or redundancy in the Government’s efforts to ensure that pipelines are secure? 

Answer. Three Federal agencies play the most significant roles in the formulation, 
administration, and oversight of pipeline safety regulations in the United States. 
The Department of Transportation’s (DOT) Pipeline and Hazardous Materials Safe- 
ty Administration (PHMSA) has the primary responsibility for the promulgation and 
enforcement of Federal pipeline safety standards. PHMSA regulates key aspects of 
safety for energy product pipelines in the United States: Design, construction, oper- 
ation and maintenance, and spill response planning (see Title 49 of the Code of Fed- 
eral Regulations). PHMSA’s enabling legislation also allows the agency to delegate 
authority to intra-State pipeline safety offices, and allows State offices to act as 
“agents” administering inter-State pipeline safety programs (excluding enforcement) 
for those sections of inter-State pipelines within their boundaries. The Federal En- 
ergy Regulatory Commission is not operationally involved in pipeline safety, but it 
examines safety issues under its siting authority for inter-State natural gas pipe- 
lines. The National Transportation Safety Board investigates transportation acci- 
dents — including pipeline accidents — and issues associated safety recommendations. 

As stated in my written testimony. Federal oversight of pipeline security falls 
under the jurisdiction of the Transportation Security Administration (TSA) within 
the Department of Homeland Security. Although the TSA has regulatory authority 
for pipeline security, its activities rely upon voluntary industry compliance with the 
agency’s security guidance and best practice recommendations. 

Since TSA was established, Congress has had a continuing interest in the appro- 
priate division of pipeline security authority between the DOT and TSA. In 2004, 
the DOT and DHS entered into a memorandum of understanding (MOU) concerning 
their respective security roles in all modes of transportation. The MOU notes that 
DHS has the primary responsibility for transportation security with support from 
the DOT, and establishes a general framework for cooperation and coordination. On 
August 9, 2006, the Congressional Research Service departments signed an annex 
“to delineate clear lines of authority and responsibility and promote communica- 
tions, efficiency, and nonduplication of effort through cooperation and collaboration 
between the parties in the area of transportation security.”^ According to TSA, the 
2 agencies maintain daily contact, share information in a timely manner, and col- 
laborate on security guidelines and incident response planning. Although pipeline 
safety and security, in some cases, may be operationally related, CRS is not aware 
of any recent reports or industry comments suggesting that there is overlap or re- 
dundancy between TSA’s activities in pipeline security and PHMSA’s activities in 
pipeline safety. 

o 


^Transportation Security Administration and Pipelines and Hazardous Materials Safety Ad- 
ministration, “Transportation Security Administration and Pipelines and Hazardous Materials 
Safety Administration Cooperation on Pipelines and Hazardous Materials Transportation Secu- 
rity,” August 9, 2006. 



